I did a double take when I saw this because I've been in contact with Equifax recently because I started receiving SPAM form a non-existent email address that I shared with them.<p>I have a Catch-all address setup on my Domain so that I can give every site I interact with their own custom email address. In this case it was equifax.com@mydomain.com. Since the email address doesn't exist, and they're the only company I've shared it with, they're the only ones with a record of it's existence.<p>When I emailed them asking if they'd had a security breach or if they were selling email addresses they responded saying they would opt me out of marking emails. When I responded with the context and header info of the emails I received and asked if this was in fact from them things turned. About an hour later I got a response, the tone had changed significantly and they indicated that the incident had been escalated to their security department and that they would be in contact with me as their investigation progressed.<p>I can say this has been the best response to the dozens of emails I've sent to companies about the same issue. The worst was Best Buy whose response was something along the lines of "Eat D<i></i>k, we do what we want."
This Dilbert comic is 100% apt today:
<a href="http://dilbert.com/strips/comic/2010-10-14/" rel="nofollow">http://dilbert.com/strips/comic/2010-10-14/</a>
Except there's actually no such thing as "identity theft" - it's a mere figment of the credit industry's (tracking industry's) fantasy in which they're omniscient, and an attempt to slowly push the responsibility for bank fraud onto uninvolved third parties. In reality, some would-be bank fraudsters got ahold of some non-secret information.
Well, is it fair to say that the credit system in the US is fu<i></i>ed up? Oligopoly of 3 agencies have pretty much entire control of your fate. Yes Fate. Purchasing power means cash and since credit = cash these companies control the cash that you have at disposal. Which means your FATE. Its insanely difficult to pierce oligopolistic structures and Cartels because of obvious reasons. But some day some startup needs to tackle this. The system works for most but doesn't work for many.
Thanks cylo for the post. Sadly we can't seem to trust the credit agencies or Government agencies with data protection. We need a politician who will champion some sort of legal offence (Federal?) for digital data protection breaches whatever the industry/company (above anything that already exists) that will scare companies enough that they start taking digital identity seriously. Maybe that's a pipe dream but I get the sense after reading this article that regulators just don't carry a big enough stick or have too light a touch when punishing serious infractions.
Do "underground" credit rating agencies exist? I don't mean credit rating agencies for carders and scammers, I mean agencies that track things they're not supposed to track. Agencies that keep the data on file for longer than they're supposed, keep track of how many times a particular ID asks for refunds, or to get their security deposit back, material like that.<p>It would have to be out of the Caribbean or some place with lax data privacy laws, and strict confidentiality laws.
For those of you interested in learning how the <i>cough</i> scam <i>cough</i> system of credit scores works and how to maximize the system, here is a talk I have found very informative. It's a dirty business and industry...<p><a href="http://www.youtube.com/watch?v=5gFDnQGr6WU" rel="nofollow">http://www.youtube.com/watch?v=5gFDnQGr6WU</a>