Given the wealth of personal information available online, it is not surprising that cybercriminals were able to gather enough data to obtain credit reports on a number of celebrities ranging from Michelle Obama to singers Beyonce and Jay-Z, experts say.
While not identifying any of the victims, Experian, Equifax and TransUnion, the three largest credit-reporting companies confirmed Tuesday that hackers had illegally obtained access to user information. The theft became known after the hackers posted the credit reports of numerous celebrities online.
Experian and Equifax did not respond to a request for comment on Wednesday. TransUnion released a statement saying the thieves had all the data they needed to obtain user information.
"The sophisticated perpetrators of these fraudulent activities had considerable amounts of information about the victims, including Social Security numbers and other sensitive, personal identifying information that enabled them to successfully impersonate the victims over the Internet in order to illegally and fraudulently access their credit reports," the company said.
While it's not known where the criminals obtained the information, privacy experts say a savvy person in the use of the Internet could easily find enough data to obtain a credit report from Annualcreditreport.com, which Equifax, Experian and TransUnion use to provide free annual reports. "It's very easy to do," said Russ Warner, an Internet safety specialist and chief executive of Contentwatch.
The problem is sites that offer free credit reports often use public records for questions used to identify the user, said Pam Dixon, executive director for World Privacy Forum.
"If online identity vetting mechanisms can be answered through public records and social media research, then we will need to migrate to more sophisticated systems," Dixon said. "I anticipate that this problem will get worse, not better, as records accrue over time for more people."
Hanni Fakhoury, staff attorney for the Electronic Frontier Foundation, agreed that too much personal information is available online and people or businesses do not do enough to protect it. "We constantly get surprised when things like this happen but then business goes on as usual," Fakhoury said.
In its 2012 Identify Fraud Report, Javelin Strategy & Research found that identity fraud rose by 13 percent in 2011, with 11.6 million U.S. adults becoming victims. Users of LinkedIn, Google+, Twitter and Facebook had the highest incidence of fraud.
Other celebrities with credit reports posted on the Web included FBI director Robert Mueller, actors Mel Gibson and Ashton Kutcher, former pro wrestler Hulk Hogan, U.S. Attorney Eric Holder, Los Angeles Police Chief Charlie Beck, former California governor Arnold Schwarzenegger and former Vice President Al Gore, Bloomberg reported.
Read more about data privacy in CSOonline's Data Privacy section.