Global Security, Privacy, & Risk Management

Now Data Thieves Steal…Credit Reports? March 27, 2012

A great story on MSNBC outlines yet another method being used by data thieves to monetize private information.  According to the story, data thieves are stealing credit reports and then reselling to identity thieves.  The process works like this.  A data thief steals credit reports from the credit reporting agencies.  Depending upon the score (higher the better) the data thief then resells the report to an identity thief who uses the report to get credit in the user’s name.  Because the credit report has so much information, it makes the process of assuming someone else identity very easy.  Remember, full credit reports have social security number, banks, loans, mortgages and other information.  Much of authentication being used today relies upon the additional personal questions such as: “which is a bank at which you have had an account?” Most of the sites hosting the stolen reports have an .su domain which was used for the Soviet Union.  According to the report, the hackers brag about how easy it is to hack into certain sites such as: AnnualCreditReport.com or CreditReport.com.  Depending upon the score on the report, each report can command as much as $80 (for higher scores) or have that amount for lower scores.

This adds yet another wrinkle for people to fear.