Wealth of data online likely made posting celebrity credit reports easy

Given the wealth of personal information available online, it is not surprising that cybercriminals were able to gather enough data to obtain credit reports on a number of celebrities ranging from Michelle Obama to singers Beyonce and Jay-Z, experts say.

While not identifying any of the victims, Experian, Equifax and TransUnion, the three largest credit-reporting companies confirmed Tuesday that hackers had illegally obtained access to user information. The theft became known after the hackers posted the credit reports of numerous celebrities online.

Experian and Equifax did not respond to a request for comment on Wednesday. TransUnion released a statement saying the thieves had all the data they needed to obtain user information.

"The sophisticated perpetrators of these fraudulent activities had considerable amounts of information about the victims, including Social Security numbers and other sensitive, personal identifying information that enabled them to successfully impersonate the victims over the Internet in order to illegally and fraudulently access their credit reports," the company said.

While it's not known where the criminals obtained the information, privacy experts say a savvy person in the use of the Internet could easily find enough data to obtain a credit report from Annualcreditreport.com, which Equifax, Experian and TransUnion use to provide free annual reports. "It's very easy to do," said Russ Warner, an Internet safety specialist and chief executive of Contentwatch.

The problem is sites that offer free credit reports often use public records for questions used to identify the user, said Pam Dixon, executive director for World Privacy Forum.

"If online identity vetting mechanisms can be answered through public records and social media research, then we will need to migrate to more sophisticated systems," Dixon said. "I anticipate that this problem will get worse, not better, as records accrue over time for more people."

Hanni Fakhoury, staff attorney for the Electronic Frontier Foundation, agreed that too much personal information is available online and people or businesses do not do enough to protect it. "We constantly get surprised when things like this happen but then business goes on as usual," Fakhoury said.

In its 2012 Identify Fraud Report, Javelin Strategy & Research found that identity fraud rose by 13 percent in 2011, with 11.6 million U.S. adults becoming victims. Users of LinkedIn, Google+, Twitter and Facebook had the highest incidence of fraud.

Other celebrities with credit reports posted on the Web included FBI director Robert Mueller, actors Mel Gibson and Ashton Kutcher, former pro wrestler Hulk Hogan, U.S. Attorney Eric Holder, Los Angeles Police Chief Charlie Beck, former California governor Arnold Schwarzenegger and former Vice President Al Gore, Bloomberg reported.

Read more about data privacy in CSOonline's Data Privacy section.

Join the CSO newsletter!

Error: Please check your email address.

Tags Equifaxapplicationsdata privacyExperiansoftwaredata protectionData Protection | Data Privacy

More about BloombergElectronic Frontier FoundationEquifaxFacebookFBIGoogleJavelinRose

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Antone Gonsalves

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place