
Collection Agency's Server Stolen; Had 700,000 Accounts On It


Indiana broke its own record for computer security breaches last month, when a server containing personal data on 700,000 people was stolen from the offices of Central Collection Bureau, a debt collection agency. The stolen data included names, personal billing information, last known addresses, and Social Security numbers of people who hold delinquent accounts with a variety of companies, including utilities and hospitals. The company said the server was behind "three locked doors" and "was protected by two passwords, but was not encrypted."

A lot of the data is old and potentially of little value—one hospital says the accounts it passed to the agency were all at least three years old. On the other hand, a gas company said that because it only had last known addresses on the accounts it handed over, it has no way of contacting the victims to alert them to the theft.

The agency president told the IndyStar, "We're obviously heartsick about this. We've been in business since 1972, and nothing like this has ever happened before." Responses from companies who had passed their customers over to the agency, however, varied from taking it seriously to regretting any inconvenience. We suspect they're not feeling too much concern for their non-paying clients.

"700,000 Hoosier IDs exposed after theft" [IndyStar] (Thanks to Deon!)
(Photo: Getty)


Comments:


Greeeeeaaaat.

Oh, wait - they had it behind three locked doors and two passwords. And on a Windows NT4 SP1 server. So, you know.

We need personal privacy theft penalties. The existing criminal statutes do not adequately cover this kind of stuff - where our valuable "property" is trusted in the hands of a second party, and which changes hands without our knowledge.

Why can't I get a list of who has my SSN?


"The company said the server was ... not encrypted." [facepalm]


Which company I wonder... now might be a good time to dispute some things jk


What kind of stupid company has sensitive data like this stored on a computer and doesn't properly protect it?

Oh Collections Agency. That explains it, those guys break laws left and right why would anyone expect them to store secure data?


Wait, you stole a server full of names and info of folks who are in collections? What the hell are you going to do with it, be declined for credit cards in others names? (Yes, I know the risks, just trying to make a joke.)


How the hell do you not have cameras on the room that has your servers in it? We have cameras all over our server room and you have to use a key and a numerical keypad to get into the room. Not only that, servers aren't exactly light objects.


Just think, if they took the UPS unit, they won't even have to reboot to get the info.

And who cares about credit ratings? These should be pretty complete identities, ready to sell to illegals.


How exactly does one physically steal a server? Looks as if the thief knew exactly what he was looking for, however.


'A lot of the data is old and potentially of little value—one hospital says the accounts it passed to the agency were all at least three years old or older.'

How is that information of little value? As far as I know, most people don't change their names or social security numbers after 3 years.


I don't even know what to say, that is just terrible!


@ivanthemute: I was thinking the same thing... "You stole the data of people with NO MONEY. Way to go, Einsteeeeeen!"


Alright. Couldn't have happened to a nicer bunch. Debt collectors really are the bottom rung of society, right below tow truck drivers, but above pedophiles. Not because of what they do (people should pay their debts) but because of the sleazy way they go about it.


I love the lame attempt to put a happy face on it, 'A lot of the data is old and potentially of little value'. Right. Let me know when my Social Security number expires so that I can get a new one.


I still don't pay hospital bills, and don't give a damn about my FICO score


I think it's time that companies (voluntarily if not mandatorily) follow guidelines similar to those the government uses for handling confidential and classified information. Of course I realize that not everyone is intelligent or has enough common sense to understand and use those types of procedures.


And as much as I don't want Congress to get involved in identity theft, I do think that companies that don't secure this info should be made to pay multi-million-dollar penalties. (Maybe THAT would force them to institute severe security measures).


I can't see the credit card details of people on a collection agency's database being very useful :)

Astos Green lasers rulz


ok, a fucking SERVER was stolen?
i understand if they don't care about the data on the server (it should be backed up elsewhere) but how do you allow someone access to your server room, then let them walk out with one of your servers??


no, no, no. you guys have it all wrong. this is not identity theft. this is a radical new approach to collections that we're testing. we call it p2p skip tracing.


Isn't this the fault of the people who ended up in collections in the first place?
If you paid your bills, they wouldn't have your info!!

Seriously, my 'sensitive' data on my own computer is encrypted (with the password "Kal-El" :)


@ivanthemute: hey, they can only improve my credit. :/


@hejustlaughs:
Don't you mean " www.Dethklok.org "?


Side note: I'm from Indiana. This actually sucks.. They probably have my info.. If they steal my ID, that just means there's more of me to go around :D


Everyone bashing us people in collections can kiss my arse. I had a bad accident (dominant hand was Bush'd up baaad) and I was out of work, so I've got over 10k in hospital bills, plus a cellphone bill that I couldn't pay at the time. That was 2 years ago now, and I'm working on paying those bills off, but I was told by an attorney they'll still have my information on file afterwards for so long... That's so awesome...


Crap. So what am I supposed to do now? They were one of the collection agencies that have been trying to get me to pay a bogus Verizon account since 2001.


I guess I need to freeze all my account information with the big 3. Do I get to send the bill to them?


Who needs hacking or exploits when you can just walk out with not a duplicate or backup disk but that ACTUAL server...


Yahhh.. Keystone Cops security ftw!


I would like someone to explain to me why we don't have more laws protecting consumers from the credit bureaus.


It seems to me that no one has a right to make a profit off of me and the work and effort I have put into my life but me.


Am I just whacked in the head or am I normal for thinking that?


I do like the statement that the "data is old and of little value." If it's of little value why was the collection agency keeping it. It's obviously of value to them and probably many others - just for the SSNs themselves.


This would be a good place to tell people how to freeze their credit reports?


Yay! Good thing I pay my bills on time!


So they had it behind three locked doors. Unless the locking mechanisms or the doors themselves were weak, this smells like an inside job. All the more reason to encrypt sensitive data.


@gqcarrick: There are lots of places that have sensitive information that isn't encrypted on a SERVER. For instance, SSN is often a table key for a person, and it's often clear-text in the database. And a "server" doesn't have to be that big. I have a Terabyte server that's the size of a desktop. Emphasis is generally to encrypt off-site or information physically leaving the data center.

It seems it was reasonably physically secured, which for a server is generally sufficient. I agree with AstroPig7, for someone even to break through three doors (and know a rich target is there) to get at the thing, this smells to me of an inside job.
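The two comments above touch the design point that actually matters here: an SSN used as a clear-text table key means whoever walks off with the disk walks off with every SSN, whereas a blind index plus field encryption with a key that never lives on that server leaves the thief with ciphertext. The following is an added illustration, not code from the article, the agency, or any commenter. It is stdlib-only: the blind index is HMAC-SHA256 over the normalized SSN, and the field cipher is HMAC-SHA256 run in counter mode with an encrypt-then-MAC tag, a standard PRF construction that stands in for AES-GCM so the example runs without third-party packages. Table layout, key derivation, key labels and the sample records (with deliberately invalid SSNs) are all constructed for the example.

```python
import hashlib
import hmac
import os
import re
import sqlite3

# Constructed sample records; the SSNs are deliberately invalid placeholders.
RECORDS = [
    ("123-45-6789", "Jane Doe", 41250),
    ("987-65-4321", "John Roe", 1999),
]


def derive_keys(master: bytes) -> dict:
    """Three independent subkeys from one master key (labels are this example's choice).
    The master key is the thing that must NOT sit on the server holding the data:
    keep it in an HSM/KMS or at least a separate host, so a stolen box yields ciphertext only."""
    return {label: hmac.new(master, label.encode(), hashlib.sha256).digest()
            for label in ("index", "enc", "mac")}


def normalize_ssn(ssn: str) -> str:
    digits = re.sub(r"\D", "", ssn)
    if len(digits) != 9:
        raise ValueError("not a 9-digit SSN")
    return digits


def blind_index(ssn: str, keys: dict) -> str:
    """Deterministic lookup key: equal SSNs map to equal indexes, but the SSN
    cannot be recovered from the index without the index key."""
    return hmac.new(keys["index"], normalize_ssn(ssn).encode(), hashlib.sha256).hexdigest()


def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    # HMAC-SHA256 as a PRF in counter mode (illustrative stand-in for AES-CTR).
    blocks, ctr = [], 0
    while 32 * len(blocks) < n:
        blocks.append(hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest())
        ctr += 1
    return b"".join(blocks)[:n]


def encrypt_field(pt: bytes, keys: dict) -> bytes:
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(pt, _keystream(keys["enc"], nonce, len(pt))))
    tag = hmac.new(keys["mac"], nonce + ct, hashlib.sha256).digest()  # encrypt-then-MAC
    return nonce + ct + tag


def decrypt_field(blob: bytes, keys: dict) -> bytes:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(keys["mac"], nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("bad tag: wrong key or tampered ciphertext")
    return bytes(a ^ b for a, b in zip(ct, _keystream(keys["enc"], nonce, len(ct))))


def build_clear_db() -> sqlite3.Connection:
    """The pattern the comment describes: SSN in the clear as the primary key."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE accounts (ssn TEXT PRIMARY KEY, name TEXT, balance_cents INTEGER)")
    db.executemany("INSERT INTO accounts VALUES (?, ?, ?)",
                   [(normalize_ssn(s), n, b) for s, n, b in RECORDS])
    return db


def build_protected_db(keys: dict) -> sqlite3.Connection:
    """Same data, but the key column is a blind index and the SSN itself is encrypted."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE accounts (ssn_index TEXT PRIMARY KEY, ssn_enc BLOB, "
               "name TEXT, balance_cents INTEGER)")
    db.executemany("INSERT INTO accounts VALUES (?, ?, ?, ?)",
                   [(blind_index(s, keys), encrypt_field(normalize_ssn(s).encode(), keys), n, b)
                    for s, n, b in RECORDS])
    return db


def lookup(db: sqlite3.Connection, ssn: str, keys: dict):
    """The legitimate application path: index by HMAC, then decrypt the stored SSN."""
    row = db.execute("SELECT ssn_enc, name, balance_cents FROM accounts WHERE ssn_index = ?",
                     (blind_index(ssn, keys),)).fetchone()
    if row is None:
        return None
    return {"ssn": decrypt_field(row[0], keys).decode(), "name": row[1], "balance_cents": row[2]}


def ssns_recoverable_from_dump(db: sqlite3.Connection) -> set:
    """What someone holding the raw database file gets: every text value that is a 9-digit number."""
    found = set()
    for row in db.execute("SELECT * FROM accounts"):
        for value in row:
            if isinstance(value, str):
                try:
                    found.add(normalize_ssn(value))
                except ValueError:
                    pass
    return found
```

With the clear-text schema, `ssns_recoverable_from_dump` returns every SSN in the table; with the protected schema it returns nothing, `lookup` still works for the application that holds the keys, and `decrypt_field` under a different key fails the tag check rather than yielding garbage. None of this helps if the master key is on the same server that gets carried out the door, which is the real point of the comment above.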


@loueloui: "Couldn't happen to a nicer bunch..." - The problem I have with your statement is the actual victims are the people whose information is now available to criminals. The collection company will have the hardware replaced by insurance and data restored from backup. Inconvenience for a few days. The people whose information was on the server will have to watch their credit reports for years to come.


What I find infuriating about this is that some of these credit agencies collect on bills that have already been settled. How many times on the Consumerist do we see stories of people being harassed by collection agencies for debts that no longer exist? When I bought my house a few years back, the mortgage broker was telling us that with regard to medical billing, unless the dollar amount on the credit record is through the roof (thousands, etc) they ignore it - it's that well known that the credit agencies aren't always on the up and up.

So there are some people in that database who probably aren't deadbeats, and never have been.


Stolen my ass............id like to see the police report.


@lesbiansayswhat: I change my Social Security number weekly, that way I never have these stupid problems.

Oh yeah... I don't do that because I can't. The damn thing isn't supposed to be used for anything except as a retirement account number. Collection bureaus, schools, states (DL number), health insurance companies, EVEN CELL PHONE COMPANIES etc. all use it as a damn mandatory "identifier" that you can't change. If mine's ever breached, I'm listing Sprint, TransUnion, Experian, the state of Illinois, and others as likely suspects in the theft. Biometric data, if they ever get THAT scam passed, will only be worse - whaddya going to do when THAT data is compromised - change your fingerprints or irises?


@dweebster: You know the next step..Mitochondrial DNA samples.


I've been in many small offices (5-30 employees) where the server is sitting under someone's desk; in others it may be in a closet but it's generally not locked. Most of these are in one industry, but it doesn't seem to be the line of business that matters, it's the size of the business.

I strongly suspect that this company is in that small-business category, and until companies get a bit bigger they generally don't have the money or space for a dedicated server closet - particularly if they only have one or two servers. In a lot of cases, the closest thing to real security they have is that they're running dedicated systems on SCO Unix and nothing else out there likes working with SCO's funky partitioning system.


No encryption is an error of gross negligence. They should have to pay for credit monitoring for everyone on the server. I'm willing to bet they'll underrepresent the number by the amount of people they're trying to collect under $10 from, so now might be a good time for a dispute if you've got a record with these people.