The key words here are "Social Engineering" at its best.

Ford Credit Co. warns 13,000 people to be aware that their credit card details has been stolen by hackers. The hackers posed as an employees of Ford Credit and retrieved credit detials of 13,000 people from a credit reporting agency called Experian.

Ford Credit sent a letter to the victims that hackers used an unauthorized authorization code from Ford Credit to get the credit reports from Experian, one of three major reporting agencies.

But here comes the big one. The hackers did not only retrieve credit card numbers but the inquiry also gave the hackers access to each victim's personal and financial information, including address, Social Security number, bank and credit card accounts and ratings of creditworthiness, which can be used to identify the best targets.

Ford Credit said it contacted Experian after the automaker received a phone call about an unauthorized credit check in February, which appeared as though it was made by Ford Motor Credit.

Inside job? could be.

"I've never seen anything of this size," a spokesman for Experian, Donald Girard, said. "Privacy is the hallmark of our business. We're extraordinarily concerned about the privacy issue here, and the trust factor."
Heh.. Privacy? what about Security?

"This is not just a credit card number; this is the whole kazoo," said Richard Power, the editorial director for the Computer Security Institute, an industry trade group. A criminal could use the data to make credit card charges or even open bank and credit card accounts in the victim's name.
Ford Credit alerted the FBI soon after that, and the letters were sent to consumers beginning in late April.
Neither Ford Credit nor Experian has determined how many people have reported fraudulent charges or other problems. Mr. Girard said that Experian had received 2,700 calls since the letters started going out this month. Although the unauthorized inquiries began in April 2001, Ford first heard about the problem in February, Mr. Van Leeuwen said. Only 400 of the 13,000 victims were customers of Ford Credit, he said.
And as our feddie buddies usually say.. and I quote:
Dawn M. Clenney, a special agent at the F.B.I. office in Detroit, said that she could not comment, except to say, "We're on the case."
Ford Credit also has a hotline dedicated to anwering customers questions on this matter, and the toll-free number is 1-888-838- 8176. For those who wish to contact Experian, the number is 1-877- 828-1530.

Holy schmoly!

The really worrisome thing about this is that if I had received a letter from Ford Credit, I would have assumed that it was just another piece of junk mail and it would have been discarded unopened. I wonder how many of the 13,000 would have done the same thing. My guess is that only a small proportion of those affected are aware of the situation, in spite of that letter going out.

Good find and analysis, sOnIc.

Awesome report.... My theory is that it was an inside job.

Wow! :eek: This would have almost had to have been an inside job. The thing I know better than anything else is auto financing...and it's almost impossible to imagine how someone outside of the corporation could have accessed those files! It's very difficult to get your own credit report most of the time, and for someone else to get it is even more difficult.

However, with Americans, most credit companies report to Equifax rather than Experian, so the number of accounts listed on those credit reports may have actually been minimal compared to the number of accounts a person has. However, it still gives out personal info, such as social security numbers, which on the whole is more damaging than the existing accounts, because if someone knows your social, and other personal info, AND that you have a good credit record, opening new accounts, especially online, is no trick.

I am very glad I don't have anything financed with Ford.

This would also be a good time to note that as careful as all of you are about your computer security....PLEASE be careful with your day to day security as well. Most of the identities that are stolen are simply picked up from things that you throw away. As alarming as it is...most of what you throw out has personal info that can be used against you in some way. I strongly recommend a good little shredder. You can pick one up at most office supply stores, and a small one that fits over your trashcan is usually a matter of $20-$40. This small investment, in comparison with what you stand to lose, is well worth it.

Deb :D

/me votes that it was an inside job.

I agree with jethro! Was probably an inside job....

I agree with deb, what you throw away can be dangerous. A small shredder is a very wise investment. I always said that if I had $10.00 for everytime I was "preapproved" for a credit card, I wouldn't need credit cards! :p

Dude that's whacked...glad I don't have my credit card through Ford, although I do have my 2002 Ford Ranger Edge, aiiieee!

Originally posted here (http://www.AntiOnline.com/showthread.php?threadid=#post) by zaggy
I agree with deb, what you throw away can be dangerous. A small shredder is a very wise investment. I always said that if I had $10.00 for everytime I was "preapproved" for a credit card, I wouldn't need credit cards! :p

Don't ever throw away anything you don't want someone to find. We shred anything with an account number on it.

lol well it wasnt really just Ford that got hacked... it was teh agency Experian got hacked.. they justed used the access codes of Ford Motors to retrive the database file for the credit reports. and only 400 were Ford Customers.. its preety tough

but to think of it... im not really sure what the Hacker's motive was.. was it to test the security of the agency, or to sell the information they stole.. i mean.. its been done before.. hackers steal imformation... sell them.. if they refuse to pay.. they post the credit records on a website.. again.. this is also one example on how much security is needed to be applied in your local servers...

My guess is that it was strictly for personal gain. As I said before, with the info contained in those credit files, they have virtually unlimited access to the financial resources of the victims. And the bad thing about it is that they may close the accounts on the credit report, and get new ones, but the hackers have all of that info, and you can't change your b-day, and it's easier to launch a space shuttle than to get your social security number changed, and most folks aren't going to have the option to run out and move. So now they are going to have to be on the constant look-out for people impersonating them.

Deb :D