Custom Search

September 30, 2011

Slow news day ...

... in the FCRA world.  But here are a few articles worth a quick look:

An article by Holly Culhane about concerns over Social Intelligence - a CRA that publishes reports to potential employers (and presumably others) utilizing "deep searches" of consumers' social networking sites such as FaceBook and MySpace. -

A Washington Post article about an FDIC probe of Discover Card's sales practices, including its marketing of its identity theft protection services -

A man sues his bar (CRAAAAZY, I know!) because they published his credit card's expiration date on multiple receipts over a period of time - this one's a stretch even for me.  Here's the article -,0,5085973.story


September 29, 2011

Goldman Sachs got hacked

Hackers going by the twitter name of @CabinCr3w were apparantly able to hack Goldman Sachs' computer system.  The hackers sent off a tweet that directed followers of their twitter account to the Pastebin website.  The Pastebin website allows users to paste information to the website anonymously, where it is stored for a period of time.

The hackers pasted the personal information of Goldman Sachs CEO Lloyd Blankfein, including his age, recent addresses, education and even a listing of the legal cases he has been involved in.  The pasted information also included the e-mail addresses and titles of more than eighty employees of Goldman Sachs. 

Thousands at risk of identity theft from stolen laptop

A stolen laptop has put thousands of former patients of two Minnesota medical care providers at risk of identity theft.  A laptop containing the personal identifiers and other private information of approximately 14,000 patients of Fairview Health Services and 2,800 patients at North Memorial Medical Center, both of Minneapolis, was stolen out of a locked car located in the parking lot of a Minneapolis restaurant.

What's worse?  The data on the computer was not even encrypted.  In this electronic age, there's simply no excuse for massive amounts of personal identifiers not to be encrypted.

What's worse than that?  The medical care providers knew of the stolen laptop mere days after it was stolen on July 25 but are just now taking steps to inform the patients of the privacy breach.  Two months worth of proactive measures are now lost to these victims.

"Obviously, we take this event seriously," said Dr. Mark Werner, one of the senior physician leaders at Fairview. "It's deeply regrettable."

Obviously not.  Or you would have informed these patients whose identities your company exposed much, much sooner.  Just this week, two months too late, letters are being sent to those potentially affected, informing them of what happened and offering free services to protect them from identity theft.

The medical care providers claim "there's no evidence that the information has been misused."  Well, of course there's no evidence of any misuse.  You've kept the only people (other than the identity thieves) that would know of the misuse in the dark for the past two months.  Its very likely the identity thieves have already run amok using the credit histories of their victims and, if the victims are even aware of the theft of their identities, they have not linked the crime to the gross negligence of their medical care providers in failing to properly secure their personal identifiers. 

Give it a few more months (assuming those letters really do go out this week) and I bet there will be truckloads of "evidence of misuse". 

To those unfortunate victims of Fairview Health Services and North Memorial Medical Center, you need to check your credit reports, aggressively dispute any errors (whether resulting from identity theft or not) and then hire an attorney versed in the intricacies of the Fair Credit Reporting Act to represent you against the medical care providers who breached your trust and against any credit bureau or furnisher who refuses to correct your credit histories.  If you need the name of a good FCRA attorney in Minnesota, contact me and I will be happy to provide one.

September 28, 2011

Trans Union takes on Asset Acceptance

Trans Union has filed a lawsuit in the Circuit Court of Cook County, Illinois (i.e. Chicago - TU's home town) against Asset Acceptance, a collection agency notorious among us FCRA and FDCPA lawyers for reporting incorrect information and being pretty ruthless, immoral and unethical in its collection tactics.  For instance, I have sue Asset Acceptance many times.  I can think of one client who I have represent in not one, not two but three lawsuits against Asset Acceptance due to its illegal collection attempts against him.

Apparently, Trans Union's lawsuit against Asset Acceptance arises from a federal class action filed against Asset Acceptance alone.  This case is styled "Johnny Wang v. Asset Acceptance, LLC," Case No. C09-04797 SI in the U.S. District Court for the Northern District of California.  According to Trans Union, Asset Acceptance's reporting of incorrect information to Trans Union to be included in the credit reports it generates led to Trans Union being added as a co-defendant with Asset Acceptance in the class action.  This opened Trans Union up to some major financial exposure.

According to Trans Union's Complaint, which I have seen a copy of, at some point Asset Acceptance informed Trans Union that it "had some serious problems" with a file on 5.7 million consumers that it had previously reported to Trans Union for inclusion on Trans Union's credit reports regarding those 5.7 million consumers.  In particular, Asset Acceptance suspected that disputed accounts it had reported to Trans Union did not include the changes made as a result of the disputes.

Since Trans Union had already incorporated these accounts into its credit history database, it informed Asset Acceptance that it was removing all of Asset Acceptance's accounts from it database and that Asset Acceptance needed to re-report to Trans Union (correctly this time) all of its accounts.  But instead of providing corrected information, Asset Acceptance again provided incorrect information to Trans Union.

Trans Union was then added as a Defendant to the Johnny Wang federal class action, prompting Trans Union to sue Asset Acceptance for indemnification pursuant to its contract with Asset Acceptance that required Asset Acceptance to report correct information to Trans Union.

I'm not sure why Trans Union is surprised that Asset Acceptance is reporting incorrect information.  Like most junk debt buyers, Asset Acceptance has little if any proof to back up the debts it claims it is owed by consumers.  Yet, these bottom feeding junk debt buyers routinely "verify" to Trans Union and the other credit bureaus that the debts they report are indeed owed, even though they have no proof to back it their so called "verification".  If Trans Union really wanted the credit reports it generates regarding consumers to be more accurate, it would bar Asset Acceptance and the other junk debt buyers from including their accounts on Trans Union credit reports until such time as these companies actually present proof of the debts they claimed they are owed.  Until then, Trans Union's credit reports will continue to be chock full of inaccuracies.

Identity thieves go high tech

Do you think you are safe because you shred your credit card bills (after paying them of course), change your password often and don't respond to e-mails from banks where you've never been a customer?  Think again.  Identity thieves are now using a new high tech device to take advantage of new features on credit cards.  This new device, which costs less than $100, allows identity thieves to electronically pick your pocket without ever touching you.

Newer credit and debit cards, as well as some driver's licenses and passports, are being made with radio frequency identity chips that transmit information.  This relatively new feature has opened up an opportunity for identity thieves to use a small device to intercept the signals being transmitted by getting close to you, within 7 feet, from what I am told.  Thus, sporting events (like the Cubs/Cardinals game I went to over the weekend) are treasure troves, since at any time you are within 7 feet of multiple people. 

Many of the banks/credit card companies whose cards use these new identity chips offer protective sleeves for the credit cards.  But for those of us who already have a "George Costanza wallet" issue - see if you don't understand the reference - this is not a good option.  Another option is a whole new type of billfold - a new type that is made of lighweight steel.  Never tried a wallet like that myself, but it is said to hamper the success of this type of identity theft.

As I have said before, there is no fool proof way to prevent identity theft.  Do your best, but be prepared to take action if and when it happens to you.  Dispute the fraudulently opened accounts early and often, with as much detail and supporting proof as you can.  And, when that doesn't work, hire someone like me to sue the credit bureaus and/or fraudulent credit grantors using the protections of the Fair Credit Reporting Act.  Only in a courtroom are your rights equal to the power of these corporations.