Share this article

print logo

PERSONAL DATA IS FOR SALE ONLINE

Want someone else's Social Security number?

It's $35 at www.secret-info.com. It's $45 at www.iinfosearch.com, where users can also sign up for a report containing an individual's credit-card charges, as well as an e-mail with other "tips, secrets & spy info!" The Web site Gum-shoes.com promises that "if the information is out there, our licensed investigators can find it."

Although Social Security numbers are one of the most powerful pieces of personal information an identity thief can possess, they remain widely available and inexpensive despite public outcry and the threat of a congressional crackdown after breaches at large information brokers.

Brokers such as ChoicePoint Inc. and LexisNexis have pledged to restrict the availability of such data after personal information on more than 175,000 people was purloined from the two firms by identity thieves posing as legitimate businessmen.

So far, neither those moves nor revelations of a series of breaches at major banks and universities has curbed a multitiered and sometimes shadowy marketplace of selling and reselling personal data that is vulnerable to similar fraud.

A simple Internet search yields more than a dozen Web sites offering an array of personal data.

Some are run by small data brokers and other resellers. Others are run by private investigators, many of whom have complained that recently announced restrictions on the availability of Social Security numbers would hurt their ability to assist law-enforcement, track down deadbeat dads or locate witnesses.

Yet with only scant checks to verify whether someone requesting data is legitimate, several sites sell full Social Security numbers, potentially contributing to an epidemic of identity theft or fraud that touched about 10 million Americans in the past year.

No law prohibits the sale of Social Security numbers, but privacy experts and some government agencies have warned for years that the number is overrused and underprotected.

Inaugurated in 1936, the nine-digit number was intended to match citizens to the retirement money they would eventually receive. Over time, the number became essential for getting or verifying credit and for employment background checks.

Eventually, it became so deeply linked to personal data throughout the economy that it became a defacto national identifier.

"For identity thieves, it's their magic key . . . that gets into every door," said Daniel Solove, a George Washington University law school professor who specializes in privacy law. Getting a number can make it possible for criminals to access to bank or credit-card accounts, establish credit to make purchases, or find someone they wish to harm.

Nonetheless, some insurance companies still use the Social Security number as an individual's account number, printing it on identification cards, leaving people vulnerable if wallets are stolen or lost. Medical offices routinely request Social Security numbers, often when initial appointments are made, and many universities use it as a student identification number.

According to a recent study commissioned by Unisys Corp., a technology consulting company, about half of large financial institutions use Social Security numbers to verify the identities of customers who call in for services. Some even use it to identify customers as part of the log-in process when they want to access accounts via the Internet.

So vital are Social Security numbers in this sea of information that ChoicePoint warned investors in a recent Securities and Exchange Commission filing that its business could suffer if the rules on distribution of Social Security numbers were tightened.

The mass breaches of data at ChoicePoint and LexisNexis forced the companies to be proactive.

Executives of both firms told Congress last month that for many of their non-law-enforcement clients, Social Security numbers would be truncated so that only five digits would appear on reports.

But plenty of sources of the information still exist. Using an intermediary, The Washington Post was able to obtain the full Social Security number of a reporter within 24 hours from two of three online providers the intermediary contacted.

Robert Douglas, the intermediary, operates the consulting firm PrivacyToday.com. Douglas, who chose the method of acquiring the numbers on his own, said he used the pretext of tax preparation because that would be a common trick used by an identity thief at this time of year.

Under a law that took effect in 2001, non-public data from financial records cannot be sold or transferred without giving individuals a chance to opt out. There are several exceptions, however, including employment checks, for tax filing, or to process a financial transaction.

But the system relies on the honesty of the person seeking data, and the diligence of the person selling it.

"Until Congress understands about the resale market here, they are not going be able to get a handle on this problem," Douglas said.

For their part, ChoicePoint and LexisNexis say they are "recredentialing" all non-government clients.

ChoicePoint spokeswoman Kristen McCaughan said the company plans to give full access only to government or law-enforcement agencies, banks and insurance companies.

A LexisNexis spokesman said clients downgraded to restricted access included law firms, media and private investigators.

There are no comments - be the first to comment