Friday, July 13, 2007
Freakonomics Blog » I.D.-Theft Watchdog Finds the State of Texas is Wide Open for I.D. Thieves
To his surprise, Peisner was allowed to proceed (without giving the three-digit security code on the back of his credit card, no less), and within moments he had access to the site’s database. For $1 per search, he ran searches on several common last names including “Campbell,” “Smith” and “Jones,” as well as “Greg Abbott,” the attorney general. The result? Hundreds of PDF’s for the common names and a handful for Abbott, many of them containing addresses, Social Security numbers, and other personal information. Lucky for the attorney general, Peisner chose to publicize his findings here rather than sell them to the highest bidder — though he did receive an invoice for the searches within minutes of completing them. This morning, he contacted the office of Texas Secretary of State Phil Wilson to let him know of the vulnerability, and was told that the matter would be directed to the office’s I.T. department. Meanwhile, the site’s security hasn’t changed; Peisner was able once again to access the database using the name “Ima IDThief” and the same credit card information.
To his surprise, Peisner was allowed to proceed (without giving the three-digit security code on the back of his credit card, no less), and within moments he had access to the site’s database. For $1 per search, he ran searches on several common last names including “Campbell,” “Smith” and “Jones,” as well as “Greg Abbott,” the attorney general. The result? Hundreds of PDF’s for the common names and a handful for Abbott, many of them containing addresses, Social Security numbers, and other personal information. Lucky for the attorney general, Peisner chose to publicize his findings here rather than sell them to the highest bidder — though he did receive an invoice for the searches within minutes of completing them. This morning, he contacted the office of Texas Secretary of State Phil Wilson to let him know of the vulnerability, and was told that the matter would be directed to the office’s I.T. department. Meanwhile, the site’s security hasn’t changed; Peisner was able once again to access the database using the name “Ima IDThief” and the same credit card information.
