- Associated Press - Wednesday, March 13, 2013

LOS ANGELES (AP) - The three major credit bureaus say hackers who have posted credit reports on stars and government officials in recent days did not breach secure databases but relied on personal information they collected elsewhere on the public figures.

Representatives for Experian, Equifax and TransUnion wrote in statements that are cooperating with authorities investigating the website that has posted private financial data of stars such as Jay-Z, Tiger Woods as well as the vice president and first lady Michelle Obama.

The companies said they were also working to minimize the financial damage to the victims. Experian spokesman Gerry Tschopp said the company had frozen credit files of those whose info has been posted online.

The FBI and Secret Service are investigating the site, which remained active Wednesday morning.

Equifax spokesman Tim Klein wrote in a statement that an initial investigation showed the hackers exploited a website designed to give consumers a free credit report. The three companies all state that the hackers used a wealth of personal information on their victims to impersonate them and generate the credit reports.

Although Vice President Joe Biden and former Secretary of State Hillary Clinton are included on the site, their credit reports have not been posted.

The site includes Social Security numbers, credit reports, addresses and phone numbers on most of its victims.

It bears an Internet suffix originally assigned to the former Soviet Union, and many of the pages feature unflattering pictures or taunting messages of the person featured. Others whose information is posted include pop star Britney Spears, U.S. Attorney General Eric Holder, former Alaska Gov. Sarah Palin and former California Gov. Arnold Schwarzenegger.

A counter on the website indicated that it had received more than 450,000 views since its existence was revealed on Monday.

Social Security numbers posted on Jay-Z, Mel Gibson and others matched records in public databases. Social Security numbers are not public records, although they used to be included in some court filings. Many courts require the information be redacted from filings since the numbers can be used to steal a person’s identity and open credit accounts in their name.

Online security expert Marc Maiffret said sensitive information can often be gleaned from a single database, but the varied nature of the people targeted made the site’s motives less clear.

Maiffret, the chief technology officer for Carlsbad, Calif.-based security firm BeyondTrust, said the site contained information that, if accurate, could be very damaging to its targets.

“Pretty much everything comes falling down once you have a Social Security number,” he said. “Once somebody has that, the person has the keys to everything.”

The information could be used to shut down accounts and utilities, although Maiffret said celebrities and government officials have more resources to protect themselves and their financial companies will likely be guarding their accounts since the site’s postings.

Average consumers should consider adding a second password to their accounts to protect against hackers who have access to their Social Security numbers and other financial information.

Story Continues →