I don’t think it’s fraud, although this company certainly skirts the edge. I get junk mail probably once a week or so from places that call themselves “Automotive Insurance Price Adjusters” or “Mortgage Rate Department” or “Homeowners Insurance Premium Board” or something of that nature. The letter starts something like: “Dear Customer: In looking over our records, it has come to our attention that you are likely paying a higher insurance premium than necessary. In order to rectify this, blah blah blah…”
These companies are clearly trying to fool the recipient (me, in this case) into thinking that the letter originates from my current insurance or mortgage company; probably to get me to switch carriers (as opposed to trying to harvest SSNs). Seems to me (the non-lawyer) that they’re definately skirting the edge of deceptive business practices, but staying on the legal side, since they, very carefully, come nowhere near saying they actually represent my current mortgage/insurance/whatever company; they just imply it.
Still, it ticks me off more than a little, because I wonder how many people get scammed into switching companies (and probably getting saddled with higher premiums) because they think they’re talking to their current company.
Hey dantheman, if someone takes money out of your bank account using the strategy you mentioned, then the bank must immediately recredit your account when you call them up.
The point is that while identity theft is a bad thing and should be stopped, you’re not just SOL if one takes your money from a bank. It will be a pain to get it all sorted out, but you will get your money back; some folks seem to forget this last part and think their money is gone forever.
And that’s pretty cool, TaxGuy; I’m glad the banks have to credit the account. Of course, the true deviant will siphon small amounts at a time, the easier to elude suspicion, no? If a baddie managed to get $1000 from my account, I’d probably notice and would get that credit. But if he took out $19.95 a week for a few months, some time might pass before I’m clued in.
This is exactly right, I wouldn’t have ever thought of this until you brought up this point. I am one who does not balace the checkbook with the bank statement. I would probably never notice and extra 20 gone here or there.
If I were you, Vanguard, I would make darn sure that the charity group disposed of the SSNs. Barring that, I’d take a look at your employee release forms in HR, to make absolutely sure that what they’ve done is out of bounds.
At the university I work for, we can’t even transfer SSNs from one office to another within the university without a signed release form. (It’s not law per se, but IMHO it’s a sane policy.) And when I worked in the UK, we couldn’t even collect National Health Insurance numbers–I guess the closest equivalent–without signed said release form.
And there’s a lot a charity can do with SSNs, though most of it is legal. Of course, if there’s one disgruntled employee there with access to the database…
Yes, it is possible to get a replacement SSN, however per the guvmint they have some particular criteria you must satisfy - in this case if someone were to use my SSN, create all kinds of havoc and generally be making my life miserable, including in a financial sense. So far it hasn’t happened
A number of us sent requests to the person in charge of the charity drive at work to immediately have our info deleted from the charity’s website. That’s nice but how are we supposed to trust that it’s been done? I mean, this was a pretty big violation of trust to begin with.
Director of firm administration is looking into what happened and how. I’m keen to hear the story…
Valgard (Viking name, not Vanguard which is the name of a pretty spiffy mutual fund company)
If the charity received the information electronically, they should not have had a field defined to store the SSN, so it should have never even been inserted to their database. (I’d say the same thing about the addresses, but I don’t know whether your HR people agreed to send those.) Of course, if the charity simply stored all the data as a text string, they would still have the information in their database.
I would say that if they cannot demonstrate that they do not have the SSNs, then a call to your town’s meanest journalist, asking why the charity is harvesting personal info, might be in order.
And if the charity had a place on their database for storing the SSN, I’d really take it to the news.
