Matthew Yglesias is on vacation.
Sen. Jay Rockefeller (D-W.Va.), who has a reputation for going after data brokers, has sent a letter to the CEO of Experian after learning that one of the credit bureau's recent acquisitions had sold Social Security numbers to identity thieves. The letter comes after an amazing investigation of a number of surreptitious sales among companies and countries.
KrebsOnSecurity conducted the investigation. Former Washington Post writer Brian Krebs and his readers were able to backtrack from “sourceid” metadata attached to consumer records being sold online. They tracked the data back to an American company, USInfoSearch.com, whose CEO in turn blamed a third company, Court Ventures, with whom they’d signed an information-sharing agreement. (Didn’t you know that everything is hunky-dory so long as you sign an information-sharing agreement?)
Court Ventures “aggregates, repackages and distributes public record data, obtained from over 1,400 state and county sources.” Experian, one of the three major national credit bureaus, gets dragged in here because it bought Court Ventures about a year ago.
USInfoSearch.com’s CEO says that the people selling this extraordinarily sensitive information accessed Experian’s records after posing as a U.S.-based private investigator, but they are actually based in Vietnam. But even if these posers threw together their most convincing American outfit, Experian should have noticed that they were being paid with wire transfers from Singapore.
This could lead to a lot of pain for Experian. USInfoSearch.com found out about the leak only after contact from the U.S. Secret Service, which had obtained a grand jury subpoena against the company. In other words, there’s a possibility that Experian might be prosecuted. Acquisitions come with liabilities.
Rockefeller is now demanding answers from Donald Robert, Experian’s CEO. What seems particularly worrying to Rockefeller, as Natasha Singer reported at the New York Times, is “whether Experian as a company has appropriate practices in place for vetting its customers and sharing sensitive consumer data with them, regardless of the particular line of business.”
It’s hard to imagine how careful Experian could be—or at least how careful Court Ventures was—if Krebs' investigation is right and they sold troves of data to a "U.S. investigator" without noticing the payments were coming from Singapore.
The case also highlights an important and understated problem: No one can operate offline anymore. Debates about data brokers often center around Facebook, but having a Facebook account is still a voluntary activity. Experian is not a company from which you can opt out. Credit reports are not voluntary. The dangers of online information sharing are not only about individual decisions. As Rockefeller has suggested, they’re also hugely dependent on corporate practices that occur behind closed doors.
This is why data brokers can’t have nice things. Like our Social Security numbers.
TODAY IN SLATE
The Right Target
Why Obama’s airstrikes against ISIS may be more effective than people expect.
The NFL Has No Business Punishing Players for Off-Field Conduct. Leave That to the Teams.
Meet the Allies the U.S. Won’t Admit It Needs in Its Fight Against ISIS
I Stand With Emma Watson on Women’s Rights
Even though I know I’m going to get flak for it.
Should You Recline Your Seat? Two Economists Weigh In.
How to Stop Ebola
Survivors might be immune. Let’s recruit them to care for the infected.
- School District Wants to Censor American History Curriculum to Make It More Patriotic
- U.S. Federal Prison Population Drops for the First Time in Decades
- Conservative Star D’Souza Avoids Jail Time for Illegal Campaign Contributions
- Moderate Chinese Intellectual Sentenced to Life in Prison After Show Trial