A service that sells personal data to identity thieves has been getting its wares from hacked data brokers storing information similar to what Obamacare marketplaces plan to use, setting the scene for fraudsters to collect government subsidies.
According to a new investigative report by cybersecurity researcher Brian Krebs, the service, known as SSNDOB, hacked LexisNexis and other large data aggregators that supply ID check information.
Lenders, health insurers, and other organizations that need to confirm who they are dealing with use this information for knowledge-based authentication — screening that quizzes a user about information only the valid user is likely to know, such as a former home address or parent’s middle name.
“They also have a bunch of bogus questions that they can serve up to see if you really are who you say you are,” explains Gartner identity fraud analyst Avivah Litan, who, in a blog post, raised alarms about the impact of the data broker hacks on Obamacare implementation.
Criminals can get their hands on anyone’s “identity information through the black market exchanges that Krebs writes about. Frankly, it’s another ominous and bad sign for Obamacare, since as I understand it, the new health care insurance exchanges will be using the same [knowledge-based authentication] to verify applicants for healthcare insurance,” Litan wrote in her blog post. Krebs interviewed Litan for his story.
She added: “The likely results will be chaotic and troublesome, and will no doubt fuel the fire of Obamacare opponents.”
The online exchanges set to open Oct. 1 are expected to attract scammers seeking financial gain or personal data, according to security specialists.
The targets of the identity theft service were…