Criminals can get anyone's credit files through arrangements with any of the many thousands of people with access to credit files through legitimate companies. It happens all the time.
Please read my FTC filing for the simple solution to prevent this, the assignment of a user changeable PIN.
Credit breach too easy, consumer group says
"VANCOUVER -- A security breach that allowed criminals to gain access to 1,400 confidential credit files at Equifax Canada was a crime waiting to happen, the president of Consumer Federation Canada says.
"This could have been prevented," said Dan Barnabic, whose non-profit consumer advocacy group is lobbying the government to tighten regulations covering credit-reporting agencies.
Mr. Barnabic said that to access the credit reports at a credit-reporting agency such as Equifax, all a criminal needs to do is set up a front operation.
"You open up a business. Register it. Get your licence and get Bell Canada to put a phone in, in your company's name. Then you have all the accreditation you need. You register as a credit-granting business, like a mortgage company, and for a small fee you can start getting files.
"You can get credit information on just about anybody you want. You just need a name and address for someone to request their credit report.
"And with their credit report you get everything -- social insurance number, how much they've paid, how much they owe. You see exactly what someone has . . . It's so easy to obtain, it's amazing."
Equifax told 1,400 consumers earlier this month that their credit reports "were accessed by criminals posing as legitimate credit grantors."
The company said alerts have since been placed on the affected files, so that potential creditors will confirm a consumer's identity before agreeing to a transaction.
Mr. Barnabic said credit grantors are required by law to get written permission from a consumer before they access credit records maintained by companies like Equifax, or TransUnion Canada, the other national credit reporting agency.
But he said credit-reporting agencies trust credit grantors to do what they are required, and usually don't do any further checks themselves.
"We don't know how this crime at Equifax was done," Mr. Barnabic said, "but my guess is, and I'm just speculating, that someone set up [phony] companies, became members [with Equifax] and just started requesting the credit files.
"If they got a dozen people, maybe more, that posed as credit grantors.. . . Now you are armed to get anyone's report, anywhere in Canada. Then you can pull credit reports on anybody . . . that's the scam. That's probably what they did.
"To get 1,400 files, it cost the criminals about $8,000 or $9,000" in access fees.
"It's amazing how easy it would have been. And it may happen again tomorrow in Toronto or Montreal. It's so easy that it's frightening."
..."
The CRAs don't want PINs because they would lose out on all that business.
Evil greedy executives like CEO Thomas Chapman put their profits ahead of common sense.
I sure hope those 1,400 people all file mega law suits. The fraud alert is not only NOT helping, but it actually hurts them because they are likely to get declined and won't get any pre-approvals.
Posted by Christine at March 22, 2004 11:50 AM