Thursday, June 26, 2008

I have a lost laptop horror story for you.

I used to work for Boeing in Wichita. Boeing sold the Wichita division and all of the workers, including me, to another company. We still did the same work, but Boeing was just one customer of several.

Nearly a year after the sale, someone at Boeing lost a laptop that had the names, addresses and Social Security numbers of nearly all of the 12,000 Wichita ex-employees on it. They waited an unknown period of time before telling anyone, then another couple of weeks before they offered to pay for credit reporting subscriptions for us. They offered no compensation for people that had been actual identity-theft victims and they wouldn't pay for identity-theft insurance.

Almost immediately after the laptop went missing, someone used my SSN to apply for credit cards all over the country. The name they used was always close, but not exactly a match to my name/address. They used addresses of those private mail drop places.

Since I'd lived at my house for nearly 20 years at the time, all these bogus addresses made the credit card companies reject the applications, but those rejections showed up on my credit reports and lowered my rating.

The credit bureaus (I had to deal with all three of them separately) couldn't just remove those rejections; they said that the credit card companies that made the requests had to retract them. The bogus addresses also appeared on my credit report as alternate addresses for me, and I had to convince the credit agencies that I'd never lived in Minneapolis or Boca Raton or wherever.

I spent untold frustrating hours on the phone being transferred from one credit card company customer service representative to the next, listening to crappy on-hold music, often being disconnected, and having to tell my story over and over. It took several months to finally get everything cleared up, and I now have a fraud alert on my credit rating so nobody can request a report without my explicit permission.

That's really a double-edged sword. I recently tried to open a new bank account and when the bank found out that there was a fraud alert on my account, they assumed that I was a criminal. I eventually went to a different bank, one that didn't need a credit report to open a checking account. There have also been credit report requests in the last two or three years since the original laptop loss that didn't originate with anything I'd done. They were rejected, but there's someone out there that's still trying.

Like AT&T, Boeing wasn't particularly apologetic. They insisted that the information "probably hadn't been compromised," and they couldn't explain why someone was running around with the social security numbers of a bunch of people that didn't even work for Boeing.

You can read a news story about the Boeing incident here. You can read about similar incidents pretty much every day of the week, or so it seems.

Security guru Bruce Schneier had an interesting post recently that included the contention that identity theft isn't necessarily the financial drain or pain in the ass that worrywarts such as yours truly might fear. He wasn't saying it's a picnic, just not the catastrophe one might imagine ... and it's not worth paying any significant insurance premium to mitigate.

He's probably right, but as with so much surrounding the purchase of insurance, this isn't entirely a decision based on logic alone.

Here's my bottom line: Aside from the really serious worries in life -- health, kids, job security, etc. -- having to go through what Russ Jones went through is way up there on my list of fears. It would drive me absolutely bonkers to have to spend so much time -- time I don't have to spare -- undoing the damage to my financial reputation.

source : http://www.google.com/news?

No comments: