Click the comments link on any story to see comments or add your own.
Subscribe to this blog
09 Nov 2010
Back on October 21 I found some bogus charges on my credit card bill. So I called up the bank, had them taken off, and the bank changed my card number. They suggested I look at my credit report and put a fraud alert on it. I went to annualcreditreport (the only one of many similarly named sites that is legitimate), and got my Equifax credit report.
There wasn't anything that looked fraudulent, but it did say that I lived in a house that belongs to a relative in which I have never lived. So I set up an Equifax web account so I could tell them to fix that mistake, which involved providing an e-mail address so they could tell me when it was done. After a day or two they wrote and said they'd removed the wrong address. Fine, all done.
Not quite. Yesterday, I got this money mule recruitment spam sent to the address I gave Equifax. It was sent from ovh.net, a poorly run French ISP. The address they spammed was long and non-obvious, not anything that might have been guessed or invented. (It included the name equifax, but it wasn't equifax@somedomain.)
So it took less than three weeks for Equifax, which has highly personal credit information about nearly every adult in the country, to leak my address to sleazy spammers. What else are they leaking? And do whom do I complain?
My other sites
© 2005-2020 John R. Levine.
CAN SPAM address harvesting notice: the operator of this website will not give, sell, or otherwise transfer addresses maintained by this website to any other party for the purposes of initiating, or enabling others to initiate, electronic mail messages.