Information Security News mailing list archives

Previous By Date Next
Previous By Thread Next

Experian, Ford Still Unsure How Hacker Stole 13,000 Credit Reports

From: InfoSec News <isn () c4i org>
Date: Tue, 28 May 2002 03:28:26 -0500 (CDT)
http://www.lendingintelligence.com/news.ez?viewStory=1123&Form.sess_id=845521234&Form.sess_key=1022430845

NEW YORK, May 28 (LendingIntelligence.com) - It is almost four months 
after hackers using at least one Ford Motor Credit Co. authorization 
code stole 13,000 consumers' credit reports from Experian and the 
companies still do not know exactly how the scam was pulled off - 
although neither is saying it was at fault for the security breach.

The Federal Bureau of Investigation continues to look into the 
purported theft.

What is known is this: One or more computer hackers got access to at 
least one Ford Credit authorization code and downloaded about 13,000 
credit reports from Experian's database. How this exactly transpired 
is still a point of debate between Experian and Ford officials.

A Ford spokesman said the hackers did not break into Ford's computer 
systems - contrary to some published reports - but "broke into the 
credit bureau's system," referring to Experian.

"And it is not just one password that they got," said Dan Jarvis, the 
spokesman. "If you are a bank and you are dealing with credit reports, 
you need a whole series of codes and passwords to get into [a credit 
bureau's] system. It would be virtually impossible to just use some 
passwords.

"They hacked right through Experian's system," he said. "You cannot go 
up to someone's door in newly fallen snow and not leave a footprint. 
The footprint said that it was Ford Credit. [Law-enforcement 
officials] do not think it was an employee of Ford Credit, and they do 
not think they just got hold of a password or pass code. You need a 
whole series of things. You need a whole basket of information. The 
credit reports were all random."

Experian, meanwhile, said it does not fully know how the theft 
occurred. Yet, a company spokesman said Experian's security is 
anything but porous.

"Our files are protected by state-of-the-art, Star Wars-style security 
and encryption technology," said Donald Girard, Experian director of 
public relations.

Girard said that Experian "is pretty confident" that its database was 
not hacked into, "leaving a range of possibilities." Nevertheless, 
Girard would not blame Ford for the security failure.

A Ford Credit spokeswoman said the FBI has "leads" on who perpetrated 
the crime.



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.
Previous By Date Next
Previous By Thread Next

Current thread: