r/privacy • u/EchoInTheHoller • Apr 29 '24
data breach 2 million hit in massive debt collector data breach — full names, birth dates and SSNs exposed
https://www.tomsguide.com/computing/online-security/2-million-hit-in-massive-debt-collector-data-breach-full-names-birth-dates-and-ssns-exposed200
u/SloppyMeathole Apr 29 '24
Imagine thinking you just hit the jackpot, only to find out your stolen identities are from people with room temperature credit scores.
At this point just assume your identity is for sale. Lock your credit reports and watch for weird shit.
95
u/ColoradoPhotog Apr 30 '24 edited Apr 30 '24
It sounds funny, but believe it or not if you're an identity thief and scammer you don't want a victim with A-tier credit. A person with a 740-820 is going to be very aware of their credit situation in most cases, and is likely to have monitoring services or even credit locks in place.
By contrast, a person with poor-to-lower-good credit (580-650) is a very viable target. As an identity thief, you aren't looking for great rates - you're looking for an ability to open and utilize several lines before the mark realizes they've been hit.
A person in debt collections is actually a great mark for this. They are likely to miss new negative hits on their credit for an extended period of time, allowing the thief to do even more damage before getting cut off from the identity.
22
u/Tyraniboah89 Apr 30 '24 edited May 25 '24
friendly plate snobbish imagine hurry punch tie forgetful ask gray
This post was mass deleted and anonymized with Redact
21
u/dkleehammer Apr 30 '24
I would also think they are a great mark to hit them up with scammer request for payments. They are already in debt and probably not doing well at keep track of what and who they owe. With collectors names not matching the source of the debt already, it’d be easy to fake an online payment gateway.
6
u/sinthetism Apr 30 '24
Some of it is about just opening bank accounts as ways to deposit proceeds from fraud as a means to transfer it elsewhere. Not the actual credit lines.
3
u/DrinkMoreCodeMore Apr 30 '24
I monitor a lot of fraud and identity theft.
There certainly is a market for high credit score individuals. They use them for loan fraud and to open up drops (bank accounts).
1
1
21
u/properproperp Apr 30 '24
This made me chuckle 😂. Scammers about to get 2 million $300 capital one credit cards
5
u/WideRight43 Apr 30 '24
I had 2 of my store accounts locked this week from unsuccessful logins. Should I be concerned? Kohls and Fanduel that I never use.
4
u/stan-dupp Apr 29 '24
bwahhh of all the identities to steal, heard the hackers are going after green dot and unemployment next
0
u/rydan Apr 30 '24
It might just be to stick it to the company. I breached one once just so I could set up a potential class action lawsuit against them. I wasn't going to launch the suit but I figured someone else would once it became public they were breached. Then I'd get a sweet check for $2.
85
Apr 30 '24
Its been so blatant that america doesn’t care about protecting its citizens. Hold these companies accountable.
5
u/TxManBearPig May 01 '24
We need to do more than that and actually hold congress and the house accountable.
It’s inconceivable those institutions have become such massive piles of steaming shitheaded corruption.
2
May 01 '24
Agreed. This and other problems have been going on for too long, every damn week its a data breach or a company selling data. Like driving data being sold to insurance companies… wtf? They benefit from this shit and it shows with the way they drag their feet. But they sure did pass that tiktok ban real fast while everyone is a pay check from being homeless. Talk about priorities. Our government has a large internal criminal ring and those that can make a change are either too powerless, complicit or both.
25
u/notproudortired Apr 30 '24
While FBCS hasn’t provided impacted individuals with free access to one of the best identity theft protection services, it has enrolled them for 12 months of credit monitoring through the company Cyex.
FBCS are motherfuckers and should be reported to the FTC for this abusive response, on top of their prior negligence. How much you want to bet they're getting a kickback of some kind from Cyex and actually profiting off of their incompetence?
Cyex won't be a useful service to most of the victims, who already know their credit score is crap and changes a lot. Identity theft is what that group is vulnerable to. Predators will rip their already marginal, fragile situations to shreds. These are people who don't have the time or resources to unwind themselves from the hell of identity theft. It'll critically damage some of them.
2
May 28 '24
I’m one of the people who got affected by this breach and received an email for the CYEX credit monitoring service.. I started to sign up for it and then stopped to google about it first.. That’s when I found this post.. So should I sign up for this service in your opinion? I’m already enrolled in Experian credit monitoring service for another data breach that happened to me about a year ago and that “free” version is about to expire.. Not sure what to do.. My credit is fair-good. I also use credit karma but don’t know anything about freezing my credit..
1
u/notproudortired May 28 '24
You're already signed up with Experian. Why not stick with their free CreditWorks basic monitoring service? Additionally, many banks let you access your FICO score for free, and some big banks (Amex, CapOne) offer their own credit monitoring services. FICO fluctuations are good indicators that something is happening to your credit accounts, so you can watch them and decide if you need to drill down.
Even for drill-down, I'd get a full credit report directly from one of the credit reporting services (or get your annual free composite report). But there's potentially a fee there, so...
The reason I'd avoid Cyex is they're bottom feeders who basically just profit off of companies' crap security and privacy practices. However, my original post wasn't really criticizing them so much as FBCS, which was negligent and then, when the inevitable happened, just shrugged and paid Cyex to mute the problem.
2
May 29 '24
Actually, I’m signed up with IDX for the previous data breach that happened to me, and I also use Experian, my Discover card account, and my bank also offers services like you mentioned. So yeah there’s no point in using Cyex.. I’m always aware of any changes in my credit report because I get notifications from the above accounts when anything happens.. But sometimes the notifications are a little late, so maybe that could be a potential problem.
I’m finally back on my feet financially from a few bad years and I’m trying to do the right thing considering the amount of fraud and scams going on. I don’t know anything about “freezing my credit” so is that something I need to learn about and do? Thank you for your time…
2
u/notproudortired May 29 '24
Good job clawing back your credit score. I know that slog--feels good, but also makes a body feel protective about that work. I do think credit freezes make sense until you want to do something credity--get a new card or whatever. Freezes are free, a bit of pain to administer since you have to request them with all three credit reporting agencies. But then you don't have to worry about someone racking up debt in your name.
1
u/condimentia Jun 11 '24 edited Jun 11 '24
My "free" Experian monitoring service has expired many times over the years. There is a very fine print option at the bottom of the new-sign up authorization and log-in forms which says "continue with free version" or something to that effect. I believe it was required by law. I have never upgraded and I've used the free version for years. Each time I log in, I look for the very tiny script under the log-in pane, for the free version. My account is still there, as always, to monitor.
Update: I just logged in to grab the language. At the top of my log-in screen it says:
Upgrade Your Account
Try Experian CreditWorks℠ Premium for 7 days for free, then pay just $24.99 each month†. You may cancel anytime if not satisfied.
There is a link with a credit card symbol.
But at the VERY bottom of the page in fine print it says:
No, keep my current membership.
(Which is free). I clicked that, and there is my account, same as always.
1
Jun 11 '24
You’re exactly right… I’m glad I noticed that little fine print button at the bottom.. Mine says “keep my current membership,” which is free and does everything I need.. However, I don’t know if I should have some kind of credit monitoring that’s “live” and instantly notifies me of changes.. My current notifications, such as a new account opening that I just got and was mine, always come after the fact.. Do you have a “freeze” or “lock” on your credit? I’ve seen that but haven’t looked into much.. Sounds like it might be a good idea
2
u/condimentia Jun 11 '24
I have not needed to freeze or lock my credit except when I'm traveling, but, I can't say enough about how good the monitoring and such is with my Discover card, which was one of the first cards issued when I was rebuilding my credit. It alerts me instantly when charges come through which are 1) over $100 and 2) out of the country or 3) unusual. The app is simple and terrific.
I have another card (CitiBank) which offers live monitoring. I'd check with any existing cards you already have issued to yourself, now, and see if those institutions offer monitoring service as one of your perks -- at least you already have a relationship with them.
I'd never take advantage of the FBCS monitoring offer because 1) it's only for 12 months and 2) they are already proven untrustworthy and 3) I have ONE old debt, coming up on 7 years, that is hanging out there with a death toll ringing, and I have no desire to "do business" with a debt collector in modern times. It's like sleeping with the enemy and for all I know, in month 13, all of the sudden that 6.5 year old debt is active again.
28
u/Geminii27 Apr 30 '24
New proposed rule: anyone who has a person's details data-breached from them forfeits anything that person may have owed them.
I bet a lot of companies would suddenly be VERY interested in fixing their security.
8
Apr 30 '24
[deleted]
1
u/Geminii27 May 01 '24
Put the sanctions on whoever holds the debt. It doesn't matter who's trying to collect it - if the debt gets legally annulled, they don't have a basis for action.
5
u/rydan Apr 30 '24
My account was sold to collections once. So I did actually breach the collector's database. And funny thing is they did cancel my debt to them after the breach. As crazy as that sounds it is a true story from 2010.
1
2
u/VonThing May 01 '24
Already tried and tested rule: GDPR.
Fines for privacy violations are defined in percentage of revenue— meaning if America had GDPR the fine for this would be in the billions.
This shit was common in Europe too, then they brought on GDPR and European companies cleaned up their act mighty fast.
11
u/jeromelong Apr 30 '24
It's like Know your customer is a bad thing right? Why do they need all that information? But yet the gov keeps pushing it.
7
6
u/captain554 Apr 30 '24
It's 2024: I don't answer any calls unless the person is already in my contact list or I'm job hunting.
5
u/GatorGuru Apr 30 '24
Shouldn’t we be able to sue if my personal data was exposed?
7
u/thelegendofcarrottop Apr 30 '24
I’m not being snarky, but no. You have no recourse. And there is a 99.999% chance all of this info about you has already been compromised 14 other times that you don’t know about.
8
u/rydan Apr 30 '24
When someone posted my personal information on Twitter (actual PII, not weak stuff like usernames and email addresses),Twitter said it wasn't a violation of their rules because my information was already public. It was only public because of breaches like this one. This was in 2014 era Twitter.
7
18
u/ColoradoPhotog Apr 30 '24
At this point if you aren't signed up for identity protection services you're just asking for it. It fucking sucks it has to be a thing, but welcome to the America we've created so the corporate fuckfaces can have everything
14
u/HussDelRio Apr 30 '24
Please explain how any identity protection service prevents a third party data breach like this?
15
u/ColoradoPhotog Apr 30 '24
it doesn't. The same way a seat-belt doesn't prevent a car accident.
But it can reduce the damage you experience in the event of one.
3
u/ZwhGCfJdVAy558gD Apr 30 '24
It's a lot more effective to freeze your credit at Equifax, Experian, Transunion and Innovis. It only takes minutes to temporarily unfreeze it online if you want to apply for credit somewhere.
5
u/charliefinkwinkwink Apr 30 '24
Is there a particular identity protection service that is generally recommended over others? or are they all pretty standard
0
Apr 30 '24
All the same pretty much. I use credit karma. All the free ones are fine you just want to track any new accounts.
Most important thing for preventing fraud is to freeze your credit report at the 3 major bureaus and also at chexsystems
2
u/ZwhGCfJdVAy558gD Apr 30 '24
... I use credit karma. All the free ones are fine ...
If you don't mind that they monetize your financial information for marketing purposes. Bit of a weird thing to say in the privacy subreddit.
Most important thing for preventing fraud is to freeze your credit report at the 3 major bureaus and also at chexsystems
Yes.
5
2
u/rydan Apr 30 '24
I did this once. Back in 2006 I ordered Sprint service but never received the phone. But Sprint still felt they should charge me for the service for a phone I could never activate. So I refused payment. Got sent to collections around 4 years later for 6 months of unpaid service (not even as much as I paid them for the phone I never received).
I get a piece of mail one day saying I've been referred to collections. It just has a url to type in. I type it in. I immediately see some serious problems with their security. For one the url has an id number in it. If I change it I get a different person. But of course they protect all this information by making you answer 3 questions only the real person would know. Right? Only that person would be able to answer a multiple choice quiz. Except I noticed the questions were always the same for any particular person. But the answers weren't. Just load the page twice and the correct answers are the ones that didn't change between page loads.
Subscribe to a VPN that doesn't store logs in a foreign country (might have been Russia, can't remember). Wait a week. Write a script that automates a data breach basically pulling all the data including SSNs, names, etc. Send it all to /dev/null . I don't care about the data. I just want to breach it. And I want them to see it has been breached. I include my own account in the breach. Wait a few months planning to inform them that their system has been breached, how it was done, and all victims will be notified via email and to expect a class action lawsuit from one of them. However when I checked my credit report the collection notice had been removed. It wasn't due to the 7 years because there were still several left and they had only just taken the account. It was just gone. So the hopes was they got the message without me having to actually send it.
2
u/eatmoremeat101 Apr 30 '24
Bad news is for the scammers that are going to try and scam people that have no money. These people are in debt collection. Seems like a pretty bad selection of people to try and milk $ from.
2
1
1
1
1
1
1
1
557
u/Timidwolfff Apr 29 '24
at this point why even have an ssn. what value does it hold when its getting passed around faster than breckie hill on every upcoming young adult male streamer