A pile of sensitive personal data from Florida residents is now on the loose online. But it wasn’t leaked from a hack or a breach. It was from a completely legitimate public records dump by the state’s former governor.
“An auto dealership checking a consumer’s credit through TransUnion is not required to have the individual’s social security number (SSN) in order to submit the request,” says Steven Katz, a TU spokesman. Does the dealer need your permission to do that? “The dealer does not need ‘permission’; rather, it needs only certify a permissible purpose (such as extension of credit),” says Katz. [Consumer Reports]
As several readers discussed in yesterday’s post, utility, phone, and cable companies usually require your Social Security number in order to perform a credit check before activating service. You don’t have to provide it, but they don’t have to extend their services to you either. Here’s one reader’s explanation of how he was able to turn on water, electricity, gas, and an AT&T land line without turning over his SSN.
A few days ago we linked to a Baltimore Sun article that investigated the recent accidental release of private patient data online by The Dental Network. Now the reporter who broke the story, Liz F. Kay, has contacted us with news that “this was the largest of nearly 40 breaches affecting Maryland residents” since a disclosure law went into effect in January:
Thirty-nine businesses or groups have reported losses of sensitive information involving about 87,500 Maryland residents in the three months since a state law took effect requiring that people be informed of such incidents, records show.
Last month, The Dental Network—a dental HMO owned by CareFirst BlueCross Blue Shield—discovered it had accidentally revealed personal data and Social Security numbers online for about 75,000 of its customers. It told the members about the screw-up three weeks later. “The company says that to its knowledge, no one has misused the information. But it says ‘the risk … should be taken seriously,'” and it’s offering affected members one year of credit monitoring. After that, as you know, the thread of identity theft plummets. Wait, what?
David C. Richardson, the owner of Rhode Island Refrigeration in Providence, Rhode Island, overheard two customers speaking Spanish to each other, so he asked them to produce proof of citizenship. According to them, he then threatened to call Immigrations and Customs Enforcement (ICE) and make a citizen’s arrest, although Richardson denies he picked up the phone, but not that he made the threats. In fact, he says he’s done this “fifteen or twenty times” in the past and refuses to do business with those who won’t show their Social Security cards.
A new Consumer Reports survey says that 89% of Americans want the government to implement better safeguards on their social security numbers, and that 87% “claim to have been asked in the past year to provide their Social Security number, in whole or in part.” [MSN]
I have a friend that moved to NYC a little while ago from Iowa. She hadn’t switched to a NYS Photo ID yet, as she isn’t sure if this is going to be a permanent move, so she has been using her Iowa State Photo ID (non-Driver’s License, which is important as you’ll see) around town.
The Tao of Making Money has collected a bunch of interesting facts about Social Security Numbers, for example:
In the latest sign of the U.S. banking industry’s aggressive pursuit of the Hispanic market, Bank of America Corp. has quietly begun offering credit cards to customers without Social Security numbers — typically illegal immigrants.
Imagine getting mugged in LA and having your social security card stolen. It might not seem so far fetched that its number would be used to graft an identity onto an illegal alien. But what might be a surprise, is if years later, the guy’s still walking around with your name and you go to the car lot, they run a credit check, and not only does the guy have several cards in your name, he has way better credit than you do!
Has your Social Secrity number been stolen and used to get access to your credit? A CBS producer working on an identity theft story would like to speak with you. If you’ve been victimized in this way and would like to share your story, drop an email to email@example.com. We’ll be your merry matchmaker.
Reader Drew L pointed out this serious snafu on the part of tax giant H&R Block:
I read something on your site about a company or three using a security breach to sell identity protection services. Well today I received a letter from H&R Block (I did my taxes online free there last year, great site). They described how through an error they placed customers’ social security numbers in a 40-digit alphanumeric code on the outside of some free TaxCut software they had sent out. The kicker here is that they were simply writing to inform customers of the mistake and to apologize… no services were offered, sold, or otherwise browbeaten. I thought that part was remarkable.
We don’t know exactly what they could have done to fix the error—the damage is done. But it does feel like they should be offering some recourse.