Anthem Hacked

[Reub]

The personal records of 80 million people were hacked recently from Anthem Health, which owns Blue Cross/Blue Shield. SS numbers, names, addresses, health and work information were left unencrypted and stolen by the hackers. This might be a good time for all of us to institute credit freezes on our accounts.

[MachineGhost]

Specifically, Chinese hackers, likely state sponsored since I doubt you can hack the USA through The Great Firewall.

HIPAA doens't require encryption.  Frackin' stupid.  All those disclosure restrictions and paper pushing bureaucratic bullshit, but you need not encrypt the data!

[Reub]

Maybe now the Chinese will encrypt it for us.

[dragoncar]

Specifically, Chinese hackers, likely state sponsored since I doubt you can hack the USA through The Great Firewall.

HIPAA doens't require encryption.  Frackin' stupid.  All those disclosure restrictions and paper pushing bureaucratic bullshit, but you need not encrypt the data!

Wow, required or not it's certainly negligent to leave such records unencrypted.  Most places will at least encrypt, but just fuck it up so its easy to crack.

[madbean]

HIPAA doens't require encryption.  Frackin' stupid.  All those disclosure restrictions and paper pushing bureaucratic bullshit, but you need not encrypt the data!

From an article I read...

"Company spokeswoman Kristin Binns said the data accessed was not encrypted, but that would not have thwarted this attack because the hacker also had a system administrator’s ID and password."

[Pointedstick]

HIPAA doens't require encryption.  Frackin' stupid.  All those disclosure restrictions and paper pushing bureaucratic bullshit, but you need not encrypt the data!

From an article I read...

"Company spokeswoman Kristin Binns said the data accessed was not encrypted, but that would not have thwarted this attack because the hacker also had a system administrator’s ID and password."

In other words, as usual it wasn't a "hack." The weak link was some dummy with atrociously bad security habits.

[madbean]

In other words, as usual it wasn't a "hack." The weak link was some dummy with atrociously bad security habits.

At my company we've gotten the systems locked down pretty well after some major intrusions. Mostly, only System Administrators and DBA's in Mumbai have the passwords now.

[Tyler]

This might be a good time for all of us to institute credit freezes on our accounts.

This is a tangential topic, but one that really grinds my gears.  If credit histories are prime targets for thieves and errors are particularly harmful and difficult to correct for individuals, it seems to me that a credit freeze doesn't really address the core issue.  Why on earth do we as individuals not retain the right to opt out of the information being collected at all?

I'd happily jump through any hoops a lender would require to prove my trustworthiness if it meant that I could keep my personal info truly personal and out of the hands of the notoriously unreliable and unaccountable credit agencies. 

[WiseOne]

My personal info has already been stolen multiple times, according to the several letters I've gotten reporting security breaches.  I really think the answer is not to prevent theft or to freeze credit accounts, but to monitor your credit info regularly.  There are lots of ways to do that.  I've been using Credit Karma.  I like the alerts they send anytime something changes on the credit report, but I make it a point to log in at least monthly to review all info.

[Pointedstick]

Why on earth do we as individuals not retain the right to opt out of the information being collected at all?

If you opted out you would get turned down every time you applied for a loan due to "no credit history".

And it's not just collection agencies that are collecting information on you. You would be surprised to find out how much information a company called Lexis Nexus has on you and even more surprised to find out how easily somebody like me could access it if he wanted to.

Being entirely debt-free and on the path to financial independence, I sometimes wonder what use I still have for a credit report. I never intend to borrow money ever again, or apply for housing in a corporate apartment complex, or work at a sketchy enough job that they check credit reports to determine if you're trustworthy.

It's not that I'm going to go out and wreck my credit score or anything (ironically since I became debt-free, my score has risen to a exceptionally high level), but what's the point?

[MachineGhost]

It's not that I'm going to go out and wreck my credit score or anything (ironically since I became debt-free, my score has risen to a exceptionally high level), but what's the point?

Never say never.  You might want to borrow for a business opportunity, investment opportunity, etc. in the future some day..  LendingClub, for example, is expanding into small business loans.  Far better to have a credit score that you don't need than none at all when you need one.

[madbean]

It's not that I'm going to go out and wreck my credit score or anything (ironically since I became debt-free, my score has risen to a exceptionally high level), but what's the point?

Never say never.  You might want to borrow for a business opportunity, investment opportunity, etc. in the future some day..  LendingClub, for example, is expanding into small business loans.  Far better to have a credit score that you don't need than none at all when you need one.

Also, many companies are now checking your credit report when you apply for a job so it's not just about borrowing money. And if you did manage to go completely dark in the system you'd have a hard time opening a bank account and even cashing a pay check at Walmart.

[Tyler]

Also, many companies are now checking your credit report when you apply for a job so it's not just about borrowing money. And if you did manage to go completely dark in the system you'd have a hard time opening a bank account and even cashing a pay check at Walmart.

Yep, it's part of a standard background check these days.

I cant help but feel like the pervasiveness of credit report inquiries is a symptom of a dystopian societal sickness, where debt is so universal that how reliably you make payments is now considered the ultimate measure of character.

The fact that we have no right to 'go dark' and only marginal ability to correct gross errors in the databases of a trio of private companies with so much power over our lives seems wrong to me. I'm confident that if that was a possibility, companies and banks would find other ways to check your references. Like Pointedstick, it wouldn't come up all that often for me and I'd be willing to deal with it.

For the record, despite my rant I'm still quite practical and care about my credit rating. Like it or not, it's important. Even back when I dealt with an identity theft issue (the cause of much of my current angst), I always considered credit monitoring an expensive scam. But thanks to WiseOne's Credit Karma reference I signed up last night. It seems legitimately helpful with no catches. Thanks!

[Tortoise]

My personal info has already been stolen multiple times, according to the several letters I've gotten reporting security breaches.  I really think the answer is not to prevent theft or to freeze credit accounts, but to monitor your credit info regularly.  There are lots of ways to do that.  I've been using Credit Karma.  I like the alerts they send anytime something changes on the credit report, but I make it a point to log in at least monthly to review all info.

Not sure I agree that regularly monitoring your credit info eliminates the need to sometimes use fraud alerts or credit freezes. The former is for detecting credit-related shenanigans after the fact; the latter are for preventing the shenanigans in the first place. Fraud alerts and credit freezes make it more difficult for a thief with your personal info to open new lines of credit in your name.

It's great to be able to use services like Credit Karma to quickly detect when your identity has been stolen, but once you've detected it, you still have to go through the massive headache of fixing the problem and dealing with the aftermath. That's why it seems to me like fraud alerts and credit freezes still have definite utility that Credit Karma doesn't.