Where did the third party get the SSNs from if not from Quest, who may not have been "storing" them (permanently), but sufficiently to make sure their collectors could utilize them?
Quest doesn't ask for SSN - I use them for my lab tests. If you're a collection agency you're going to be getting financial records which are going to include SSN (I assume from the financial reporting agencies) and your job is to connect them to the names of delinquent Quest customers.
So Quest has pretty much no blame here - it's the collection agencies that are allowed to buy people's financial records which include SSNs that are the bad guys here.
Quest doesn't store SSNs but the 3rd party evidently did as part of their efforts to identify people so they can collect.
That company needs a massive fine and to be forced to offer free credit monitoring for LIFE for anyone so compromised.