Central Collection Bureau Informative - WARNING: Your Identity and Personal Information May Be At Risk!!!

Review by D. on 2008-04-21

Records on 700,000 People at Risk in Collection Agency Server Theft!

More than 700,000 personal records were held by the server and other computers that thieves grabbed from an Indiana collection agency in March.

A server containing personal information on some 700,000 people was stolen from a collection agency in Indiana last month prompting concerns over how that information may be used, according to an Associated Press article over the weekend.

Central Collection Bureau, Inc., based in Indianapolis, said that eight computers and a server were taken from its office on March 21. The server contained the personal information -- including names, addresses and Social Security numbers – of as many as 700,000 people. The information consisted of billing and past-due records of consumers the collection agency was pursuing on behalf of clients.

The company said in a press release that three locked doors were breached to obtain the server. The company also said that the data on the machine was password-protected but not encrypted.

"We're obviously heartsick about this," Chet Klene, the company's president, told the AP. "We've been in business since 1972, and nothing like this has ever happened before."

Central Collection offers collection services across several sectors, including health care and medical debt and child support payments.

Police have not yet found the missing equipment and the Indiana attorney general is currently investigating the incident.
Comments:13 Replies - Latest reply on 2008-04-22
Posted by D. on 2008-04-21:
How did they ever pass any audits with passwords that were not encrypted???? At NCO we had to have our Emails and passwords encrypted for security and the safety of the Debor's personal information! I personally went from desk to desk...approx. 200 of them, and inspected them for any sensitive information left out in the open and if I found any, that collector was addressed and corrective action was taken against not only them, but their manager as well!

Posted by Anonymous on 2008-04-21:
Well there are a couple of silver linings here... considering that the data was stolen from a collection agency, it isn't highly likely that it canbe used to open credit accounts, and secondly, think of the satisfaction of filing a negligence suit against the collection agency that gave you such a hard time. It just proves the existence of God.
Posted by D. on 2008-04-21:
But Ken...what happens when that information is used to contact and COLLECT from those people, using a PO BOX? And even though they may be in collections, it doesn't mean they can't still use the information for other credit...they will have access to their entire credit reports....they can make up fake Driver's license and sell their ID's on the streets...I've seen where people using fake ID's committed crimes under the other person's identity and that person couldn't even get a job because they had a police record. It's not just about bad credit, it is people's livelihood and reputation...and what about those that are in collections in error, who DOES have good credit...I don't' see any silver-lining here...sorry.
Posted by FoggyOne on 2008-04-21:
Let us hope that the company had enough sense to encrypt the data. It is not foolproof but may help in reducing any negative consequences. Some firms actually lock their critical servers in a vault - the data resides on the server not the local PCs so if a PC is stolen it is just a piece of hardware. Scary stuff.
Posted by tander on 2008-04-21:
Does that mean all them people get out of paying their bills?..lol
Posted by MSCANTBEWRONG on 2008-04-21:
Thanks for the info DB. That's really scary...I can't believe in this day and age, the info wasn't encrypted...
Posted by MarshPeep on 2008-04-21:
I feel really bad for those on that list that might be working hard to clean up their bad histories. People do make mistakes (especially when they are young) and it's a tough hole to crawl out of. Now, if they have more damage done to their records by identity thieves, it's gonna be really hard to refute those, based upon their history. That's awful.
Posted by Anonymous on 2008-04-21:
Ah, the wonderful world of technology. Sometimes it just bites us in the a@@. Thanks for the info, DB.
Posted by D. on 2008-04-21:
I agree with all of you...it is scary...that's why I wanted to post this warning...so if someone gets a call or letter from this company, they will be aware that it may not be a rep from this company that is really contacting them, but a scam artist.
Posted by Anonymous on 2008-04-21:
""We're obviously heartsick about this," Chet Klene, the company's president, told the AP."

The sincerity of that is right up there with "Your call is very important to us."

"We've been in business since 1972, and nothing like this has ever happened before."

Well, maybe if your database was encrypted (technology available since 1972), it would have at least been secure enough to thwart a 13 y/o kid with an old Atari computer.

Thanks DB!

Posted by D. on 2008-04-21:
LOL..Doc J!
Posted by voiceoff on 2008-04-22:
Do they have vidio equipment to catch the theives? Those have been around a long while.
Can they be sued for negligence in safeguarding the information? That would be an ironic twist. The people would be getting money from them instead of giving it to them.
Don't they have an alarm system installed? It may be an inside job.
Hope it works out well.
Posted by D. on 2008-04-22:
I would say the people should be able to sue for negligence because these agencies are supposed to be following strict rules to make sure all sensitive information is safe. They should have been audited and those issues should have waved a flag...I'm sure if they were audited, they were most likely dinged for that and obviously did nothing to correct it. If they've been in business that long and has never protected that information, I would have to question the auditors. I doubt if it was an inside job since door breaching was involved.

Your Name:
(displayed with your comment)
Your E-mail:

Your Experience/Advice:
Check spelling

By clicking submit you agree that you have read and accept the Terms of Service & Privacy Policy.

Note: All comments are reviewed by a moderator before being published. Please be sure to read our guidelines before commenting.