Several credit reporting agencies called for both consumer and industry diligence yesterday after thousands of consumer credit reports were downloaded from the firms’ computer systems and sold.
On Monday, the U.S. Attorney’s office in Manhattan announced that consumers have so far reported $2.7 million in damages from the theft. Three men had been arrested and charged with selling the stolen information. The records were used to drain bank accounts, apply for new credit cards and open lines of credit, according to the U.S. Attorney’s office.
Some of the credit-reporting firms disassociated themselves from the security breach.
“This was not a failing of security processes and procedures within the industry,” said Experian spokesperson Donald A. Girard. “This case involved a rogue employee. It’s my understanding that the individuals are alleged to have used the correct security codes and passwords to gain unauthorized access. It wasn’t that anyone hacked into the system.”
According to Girard, 15,000 of Costa Mesa-CA-based Experian’s reports were among the 30,000 downloaded.
About 170 individuals had reported anomalies within their files but no link had been established between the reported theft and the discrepancies, Girard said.
Both Experian and Equifax had been notified this summer about the investigation and had contacted affected individuals. The firms offered consumers a year’s free access to their credit files, as well as access to an e-mail service that alerts them when a request to view their files has been made.
Some are concerned that the amount of media coverage the investigation has gotten in recent days could put pressure on the agencies to improve security.
“Credit bureaus will be on the defensive, and will have to explain why it is ‘so easy to pull credit reports,” said Marty Abrams, executive director of the Center for Information Policy Leadership at the law firm of Hunton & Williams in Atlanta. “This is not a credit-reporting problem. It is a business-process problem. You have intermediaries who pull the credit reports for the grantors. You have the agencies, which need to screen the individuals they hire. There are multiple places where the system can break down.”
Abrams warned that legislation, similar to a California law that allows consumers to “lock down” credit reports, could follow.
Others cautioned against a legislative rush to judgement.
“I think it would be a grave mistake for policy makers, based on this rare, extremely unique example of fraud, to introduce legislation,” said John Ford, chief privacy officer at Equifax in Atlanta. “I don’t know that there is any legislation that would stop that from happening without absolutely shutting down the credit industry.”
Experian and Equifax stressed the need for consumer education to prevent fraud or mitigate its effects. At the same time, they called for diligent prosecution by law enforcement and continued research and development of security measures.
The Direct Marketing Association applauded the law enforcement efforts to date.
“We think that any sort of fraudster should be prosecuted to the fullest extent of the law,” said Louis Mastria, director of public and international affairs. “It’s a double fraud–it steals both from the marketer and consumer. The collection and sharing of this information is key. And sometimes it is key to combating ID theft.”
The security break came from within Teledata Communications Inc., a Bayside, NY-based independent credit-accessing firm.
Monday, Teledata Communications released a statement reading: “We learned today that Philip Cummings, who was employed by this company from May 1999 until his resignation in March of 2000 has been arrested on charges relating to and ID theft scheme. We have been aware of a pending confidential investigation by federal authorities into such a scheme for approximately 8 months.
“During that time we cooperated fully in that investigation and we are pleased to learn that it has apparently come to a successful conclusion. We will continue to give our full cooperation to the Federal Bureau of Investigation and the U.S. Attorney.
“It would, in our view, be inappropriate for us to comment on the pending prosecution against Mr. Cummings.”
The company declined to make further comment.
The FBI also charged Linus Baptiste and Hakeem Mohammed with the thefts.
Ford Motor Credit Co. discovered the theft. Melinda Wilson, spokesperson for Ford Motor Credit Company, said that the Dearborn, MI-based firm was one of “dozens” allegedly targeted by Cummings and his partners.
“We contacted the FBI and the Federal Trade Commission in February when consumers began calling Grand Rapids branch saying, ‘I never applied for a car loan from Ford Motor Credit,'” Wilson said.
In all, Ford contacted 13,000 applicants whose said they had not applied for an auto-credit loan. Wilson said her company had done “everything humanly possible” in response to the situation, including refining its own security procedures and setting up consumer contact centers for the individuals that had been affected.
Network
