back to article Password-less database 'open-sources' 191m US voter records on the web

A database with personal information on 191,337,174 US voters has apparently been found unprotected online by a security researcher in Texas. Austin-based Chris Vickery – who earlier this month found records on 3.3 million Hello Kitty users splashed online – says the wide-open system contains the full names, dates of birth, …

  1. zen1

    face palm

    It's shit like this that will contribute to the crashing and burning of western civilization. And I suspect it will only get worse, due to the conversion to all digital voting equipment.

    1. Amorous Cowherder
      Happy

      Re: face palm

      Plus the demands of security services to have backdoors and "crack-on-demand" requirements for all encryption software....

      Sing along with me, "It's the end of the world as we know it and I feel fine!"

  2. Anonymous Coward
    Anonymous Coward

    What's the concern?

    People's home addresses aren't exactly secrets - until landlines went out of fashion most people had theirs available in the phone book. Sure, it is a concern for those like battered women who have reason to keep their address less easily accessible, but there are so many data breaches every year that anyone who aggregated that info would already have everything contained in this database. And there's no doubt there are people who have aggregated that data - including operators of web sites that promise to give you information such as address, phone number and more on anyone in the US. For a fee, of course.

    For our non-US readers, this database won't contain anyone's voting record. That information is not stored on anyone, since ballots are secret. The party affiliation field in there would be populated with what party you registered under. You aren't required to register with a particular party (you can choose 'independent') and you don't have to vote your registered party, with the exception of some states where you can only participate in a particular party's primary/caucus if you are registered with that party.

    For my part I chose a party I'm registered under because I found when you register independent BOTH parties call you up and try to get you to vote (and they treat registering under a third party as independent) So it is better to choose one just to cut by half the number of annoying calls you may receive during election season.

    1. diodesign (Written by Reg staff) Silver badge

      Re: What's the concern?

      I can see why some people would be annoyed by this database configuration (it may override your state's privacy hurdles). I can see why some people wouldn't be. It's something to debate.

      C.

      1. dan1980

        Re: What's the concern?

        I can understand why some people view it as a relatively low-level issue so far as privacy is concerned but I can't see why people aren't annoyed because it's the principle - this is data about people that has been collected and it should be secured as a matter of course.

      2. Ken Moorhouse Silver badge

        Re: I can see why some people would be/wouldn't be

        I think it is down to the ability to be able to Push a Button and you have all this information at your fingertips. It's like the Direct Mail companies who can sell a targeted list to umpteen companies. People prefer to know that their details are not so easily accessible to the companies that buy these lists. In this case it looks like there is no need for a marketeer to even buy the list - no "honeytrap" worries here of using a list beyond the rental period, it's effectively "public domain".

    2. a_yank_lurker

      Re: What's the concern?

      The concern is the database owner was extremely sloppy with this information. Thus what other even more sensitive information is available for perusing because they are incompetent.

    3. John H Woods Silver badge

      Re: What's the concern?

      I presume the concern is that the voters did not necessarily give permission for this information to be given to anyone, without restriction -- or audit.

      Privacy is not one dimensional: I really don't mind the UK secret services knowing what I use my VPN for, but it doesn't mean I want the council's parking control officer to know; I don't mind the latter knowing my address, but I don't want him to know my date of birth; etc.

      There is also the issue of aggregation. Sometimes secrets that aren't even in the data can be given away by the data (e.g. a geographic clustering of security cleared people in a rural town). Databases which contain gender and D.o.B. information can be used to identify the locations of thousands of young women, for instance.

      However, the key flaw in your argument is to assume that everyone else should be comfortable with your own personal privacy levels. I post here using my full name, but I don't expect everyone else to, and I'd be highly unimpressed with someone "outing" a fellow commentard who had used a handle or posted AC.

      1. King Jack

        Re: What's the concern?

        @ John H Woods I am with you on your comment but why do single out young women as a special case? In this day of equality, men are entitled to just as much privacy as anyone. The days of women getting special treatment are over.

        1. BasicChimpTheory

          Re: What's the concern?

          @King Jack

          "In this day of equality, men are entitled to just as much privacy as anyone. The days of women getting special treatment are over."

          I would hope that the days of anyone that is more likely to suffer at the hands of the vindictive/cruel being thought of as needing help are not over at all.

          But maybe you are right...

      2. Anonymous Coward
        Anonymous Coward

        Re: What's the concern?

        "Privacy is not one dimensional: I really don't mind the UK secret services knowing what I use my VPN for, but it doesn't mean I want the council's parking control officer to know; I don't mind the latter knowing my address, but I don't want him to know my date of birth; etc."

        That only works as long as your views are aligned with theirs (or at least you think they are). In your case you believe that your views on parking differ from the councils, but that UK Secret Sevice views are aligned with yours.

        But that requires uniformity of opinion, that would prevent dissent and free political discourse.

        Why should the spooks check and vet what I say in private? Who put them in charge of the thought police?

      3. Warm Braw

        Re: What's the concern?

        I ... don't mind the UK secret services knowing what I use my VPN for, but it doesn't mean I want the council's parking control officer to know

        I think you'll find the secret services value their privacy more than they value yours - hence the secret trials, not being told the evidence against you, nameless witnesses, etc. Personally, I'd rather trust the council's parking officer.

    4. Anonymous Coward
      Anonymous Coward

      Re: What's the concern?

      I'm really trying to guess if you're trolling or not?

    5. grumpyoldeyore
      Facepalm

      Re: What's the concern?

      Ah - the Jeremy Clarkson effect : http://www.telegraph.co.uk/news/uknews/1574781/Jeremy-Clarkson-eats-his-words-over-ID-theft.html

    6. Mark 85

      Re: What's the concern?

      And there's no doubt there are people who have aggregated that data - including operators of web sites that promise to give you information such as address, phone number and more on anyone in the US. For a fee, of course.

      And no one seems to be upset that these companies also aggregate police records, credit records, just about anything they can on everyone. Once upon a time, if you wanted a lot of info on someone, you really had to dig for it. Today, you just figuratively swipe a credit card and the info is there. I find that is intrusive as hell.

      Having said that, I do wonder if this "researcher" merely accessed one or more of these companies' database.

    7. Amorous Cowherder

      Re: What's the concern?

      OK, suppose my details have been protected by a court order but somehow got mixed up in this mess? As you hint at, domestic abuse and organised crime affiliations could be compromised and next thing there's innocent families caught up in this mess all because one sloppy person doesn't bother to buy a "Databases for Dummies" book and find out the bare minimum about how security should work on a database.

    8. tom dial Silver badge

      Re: What's the concern?

      It is not entirely clear why these records should be thought private; they are, after all, records collected for a public purpose by a government agency, and are records that are important to the conduct of the very important election process. The example given shows, for the data items I recognized, what is available in many or most states to political parties able and willing to pony up the cash to buy a copy.

      While the location information included might increase the risk to some people who require protection, the probability of that is low because either their location already is known to those who threaten them, or they have moved to a place of hiding and had the presence of mind to omit notifying the voting officials.

    9. Ken Moorhouse Silver badge

      Re: What's the concern?

      "For our non-US readers, this database won't contain anyone's voting record. That information is not stored on anyone, since ballots are secret. The party affiliation field in there would be populated with what party you registered under. You aren't required to register with a particular party (you can choose 'independent') and you don't have to vote your registered party, with the exception of some states where you can only participate in a particular party's primary/caucus if you are registered with that party."

      "For my part I chose a party I'm registered under because I found when you register independent BOTH parties call you up and try to get you to vote (and they treat registering under a third party as independent) So it is better to choose one just to cut by half the number of annoying calls you may receive during election season."

      That nuance might be obvious to many, but it may not be so to a crazed dictator. Misinterpretation of the purpose of a table field is one of the scourges of database design.

    10. Dan 55 Silver badge
      FAIL

      Re: What's the concern?

      Of all the arguments for "nothing to see here, please disperse"...

      - Just because information is available in one database means it's okay for it to be available in another bigger database, just because.

      ... and...

      - Just because it's available in another bigger database, access restrictions don't matter, just because.

      ... are particularly weak.

  3. Gray
    Trollface

    All your data are belong to us

    ... it will only get worse, due to the conversion to all digital voting equipment.

    Actually, it's necessary to convert all polling places in the US to digital voting equipment. Otherwise, election rigging will remain cumbersome and slow with timeouts for 'hanging chad' conferences. Much more convenient without those pesky paper backups.

    Voter database? Surely ... all your data are belong to us!

    1. Yet Another Anonymous coward Silver badge

      Re: All your data are belong to us

      It is also terribly disruptive to the rolling 24hour news schedule to have to wait until after the count to decide who won.

      1. Androgynous Cupboard Silver badge

        Re: All your data are belong to us

        > It is also terribly disruptive to the rolling 24hour news schedule to have to wait until after the count to decide who won.

        I misread that as wait for the court to decide - both apply equally well.

    2. Roq D. Kasba

      Re: All your data are belong to us

      Indeed, you can announce the result without putting people through the inconvenience of voting.

      1. Mark 85

        Re: All your data are belong to us

        There are those who say that the west coast voters generally don't care to go to polls once a "winner" has been declared. I tend to agree as why bother then except for the local and state elections. However, the state I'm in, we can vote by mail so our votes get counted and sometimes are figured into the predictions.

        1. Crazy Operations Guy

          "There are those who say that the west coast voters generally don't care to go to polls"

          Well, in the case of Washington State, anyone who was going to vote would've already done so in advance as the state has gotten rid of all polling stations and switched to purely mail-in ballots. Of course that doesn't rally matter all that much in national elections anyway with the electoral college system where the race ends up getting called well before votes are even counted (Since there aren't enough electoral college votes to matter despite there being more than enough voters)

  4. Anonymous Coward
    Anonymous Coward

    Has anyone besides the guy himself seen the proof?

    So far I've heard a lot of noise coming from this guy but nothing substantial, other than "he said so", to back up his words. I'm reaching a point where I don't trust it anymore.

    Thing is: have you, as an individual, ever tried to take down a confiscated server? When it's located in China or other "vague areas" then good luck to you because you won't succeed. Even if you try to contact the data center directly and provide them with all the proof they need then more than often the server will remain as-is. Heck; this also often applies to US and EU located servers.

    Yet here is this guy who finds huge privacy sensitive databases, no one other than him seems to have had access to it, and when he's done the information is also gone. My other point: if the people behind it would want to spread this info then they'd have utilized torrent and other means which make it pretty much impossible to take it down. If they didn't want it to be found... Well, any idiot can set up a firewall these days.

    My last point: with the recent "high end" hacks, I'm talking about the Sony PSN breach for example, anyone who dug a little deeper could find traces themselves. But the stuff this guy manages to dig up... Nothing. And what a coincidence that his own personal info was in this last find as well.

    Yes, I am a little cynical, I know. But I've seen too many fake companies, and individuals, trying to make a name for themselves by simply fabricating stories. I've also seen television shows do this to demonstrate just how easy it is to become a "reliable source" of information (referring, for example, to "Neveneffecten", a Belgian TV show).

    Note: I'm not claiming that none of it is true. But I do have some serious doubts here.

    1. diodesign (Written by Reg staff) Silver badge

      Re: Has anyone besides the guy himself seen the proof?

      Databreaches.net has seen the database too, it seems. We'll chase up the guy.

      C.

    2. Dan 55 Silver badge

      Re: Has anyone besides the guy himself seen the proof?

      I assume he's shown his own details because showing someone else's would be rather impolite, it's an SQL server instead of a web frontend which means it's a little more difficult to find, and he's not handing out the server address to all and sundry because 5 seconds later some clown would upload a copy to The Pirate Bay.

    3. Dissent

      Re: Has anyone besides the guy himself seen the proof?

      I'm the blogger/admin at DataBreaches.net. I verified Vickery's claims before starting to investigate the leak, i.e., I saw the dbase on the IP he gave me, the port was open, and I could access the database.

      Vickery has been giving me tips on leaks since September. I've investigated at least 6 by now - but I'm losing count as there have been a lot. All of his claimed leaks were verified and accurate.

      We've also verified that this database contained accurate records for six out of six probes we ran. A number of reporters also verified that data on them was accurate.

  5. Anonymous Coward
    Anonymous Coward

    Why can't we get a takedown notice for this?

    The MPAA can keep some first grader's cat video off the Internet, but we've got no mechanism for blocking access to something like this.

    Or how about a mandatory civil fine of $50,000 for publishing it without any restrictions?

    Yeah, real smart.

    This is all the fault of the greedy bastards in Congress who don't give a shit about the average citizen.

    1. Anonymous Coward
      Anonymous Coward

      Re: Why can't we get a takedown notice for this?

      What crime?

      The information is public.

      Electoral rolls have always been public - it's the only way to know if the only person registered to vote in your area isn't the police chief.

      1. a_yank_lurker

        Re: Why can't we get a takedown notice for this?

        It's the aggregation of the data combined with information that is normally not that easy to find out. For example, my comments indicate certain political leanings and I might on occasion explicitly state them. But should my leanings or party affiliation along with other juicy demographic details be accessible to anyone with an Internet connection? My take with many others is no as matter of course, ethics, and policy.

        1. Amorous Cowherder

          Re: Why can't we get a takedown notice for this?

          As a_yank_lurker has stated, it's the info aggregation that's the real issue.

          No, there's nothing illegal with people knowing my name and address, I give that out to all and sundry, be my guest. However the problem starts when that's not enough, when they add sexual orientation, political affiliation, previous crime involvements, social security IDs, financial history, current financial status, previous relationships and let's not forget about the UK Gov's need to add previous years internet site visits, mobile phone calls and text messages.

          In 10 years time I won't need to spend a week or two assembling a database of identities to rip off, I can simply login into My-DBA-Is-A-Fecking-Moron.net and snag myself a million 100% complete identities and make a bit of cash in a few minutes. Heck if that's too much work, I can just see how many of those I can blackmail and watch the cash roll in!

        2. AmenFromMars

          Re: Why can't we get a takedown notice for this?

          My political leanings are my own affair, comrade.

  6. Anonymous Coward
    Anonymous Coward

    I'm shocked

    I'm shocked that that many Americans might actually want to vote!

    1. Roq D. Kasba

      Re: I'm shocked

      Apparently there's ~235M of 'em of voting age, so this is a pretty comprehensive list, and is certainly considerably bigger than the actual voting population.

    2. Anonymous Coward
      Anonymous Coward

      Re: I'm shocked

      It wasn't that long ago that coloured citizens were blocked from registering to vote by law in some states.

      Getting on the electoral role over there is a PITA compared to here in blighty. It is apparently controlled by the main parties. If that is not a chance for corruption then I don't know what it.

      Then there is the 'Hanging Chads'

      Democracy? The count is still in progress on that one.

      1. Captain Badmouth
        Unhappy

        Re: I'm shocked

        "It wasn't that long ago that coloured citizens were blocked from registering to vote by law in some states."

        You might mention non-property owning people in N. Ireland (mainly catholics) who couldn't vote up until the late 1960's, and the landlords there who had multiple votes because of this.

      2. Dan 55 Silver badge
        Alert

        Re: I'm shocked

        And you don't actually vote, the electoral college does.

        1. Nunyabiznes

          Re: I'm shocked

          Only in the presidential election. Everything else is popular vote per state (or smaller unit depending on election). Example: US Senators are elected state wide, but US Representatives are elected by district within the state. Then you have individual state offices, county, municipal, etc.

      3. Anonymous Coward
        Anonymous Coward

        Re: I'm shocked

        "It wasn't that long ago that coloured citizens were blocked from registering to vote by law in some states"

        The laws are more selective these days. They don't block on basis of colour but can have the effect of blocking coloured citizens disproportionately.

        eg "Felony disenfranchisement" affecting the higher proportion of citizens being jailed in the US. The UK has been criticized for not letting people in prison vote, but in the US it can be difficult to vote AFTER your sentence has been served through requiring a petition to be made. (eg to "Application for Restoration of Civil Rights" to the governor of Kentucky)

      4. Nunyabiznes

        Re: I'm shocked

        Re: AC "Getting on the electoral role over there is a PITA compared to here in blighty. It is apparently controlled by the main parties. If that is not a chance for corruption then I don't know what it."

        Voter ID laws have been struck down in many states. Here people are allowed to register to vote the day of election with nothing more than an electric bill. No state issued id needed, no photo id, just something purportedly proving -residency-. There is an important distinction between residency and citizenship. If that isn't proof of corruption of the voting process I don't know what is. Every time we try to enact stricter registration laws the ACLU and the like get involved. I'm not condoning actual poll taxes or overt hurdles to minority classes, but I don't think that having to have a free state issued photo id to register and then vote is an unnecessary burden, and having to register at some point before the election isn't either.

        If it is even easier to register and vote in the UK (or whatever division of it you are inhabiting) you have a problem.

      5. tom dial Silver badge

        Re: I'm shocked

        It has been half a century since a law prevented African-American citizens from either registering to vote or voting. As always, the Civil Rights Act of 1964 and the Voting Rights Act of 1965 were not always followed, complaints made under the laws were not always prosecuted with vigor, and prosecution did not always result in conviction and punishment. Nonetheless, it has not been legal in any state to deny voter registration or voting based on race since 1965.

        Getting registered in the US requires an affirmative act, most often, I think, checking a box on a driving license application or, for those who do not have or seek driving licenses, completion of a form to be filed with a local or state voting registrar. Twenty-three states also provide online registration applications and forty-seven accept the printable mail-in form available from www.usa.gov. In general, procedures here are not materially more difficult or greatly different from those in the UK.

        Registration is nowhere controlled by major political parties as a matter of law and cases in which the major parties control it in practice are at most local and extremely rare.

        Aside from the fact that "hanging chads" on punch card ballots has nothing at all to do with voter registration, it is a problem logically equivalent to mismarked paper ballots: almost entirely a matter of voter error and rarely a result of poor ballot quality or punch pin wear. It is possible, but extremely unlikely, for the punch used to be pushed completely through the card and leave the chad attached to the ballot. Most of the hanging chads would be dislodged before or during machine counting.

  7. Anonymous Coward
    Anonymous Coward

    Remember Choicepoint?

    No polling company records an individuals likely voting for hundreds of millions of people!

    Remember Choicepoint? Remember Florida? Remember Database Technologies?

    These databases are used to rig elections. They are used to draw up boundaries for Jerry Mandering. They are used to scrub people off electoral rolls. They've been used to generate challenge lists.

    In Florida they were used to assign counting machines for punch, count voting. Where miscalibrated machines were allocated to Democrat wards so votes would be counted as null.

    There's a $2 billion election coming up, with 1%ers spending big money to win an election. They don't spend it on polling!

    1. MondoMan

      Re: Remember Choicepoint?

      These databases are also widely used for legitimate purposes, such as get-out-the-vote efforts targeted at people who you think will be inclined to vote for your preferred candidate.

      1. Anonymous Coward
        Anonymous Coward

        Re: Remember Choicepoint?

        "These databases are also widely used for legitimate purposes, such as get-out-the-vote efforts targeted at people who you think will be inclined to vote for your preferred candidate."

        Inclinded? And what is the excuse for having the private details of DISinclined voters?

        After the "Citizens United" decision, it's not uncommon to have employees subjected to political propaganda during work hours, now their employer can vet them for hiring and promotion purposes based on their political views.

        We keep voting secret for a very very good reason, yet this database is from someone trying to unmask that data.

        1. tom dial Silver badge

          Re: Remember Choicepoint?

          As an earlier poster noted, there is no requirement to indicate a party affiliation or anything that suggests political preference as part of voter registration. The example in the article shows this clearly. At most, indicating a political party preference establishes entitlement to participate in selecting the election candidates of that party.

          Propagandizing during working hours has nothing to do with the Citizens United decision. Most private sector employers of any size will not allow it, and it is illegal in federal and most, if not all, state and local government offices.

          The list, which I suspect may be a list created by a state government consortium to identify potentially fraudulent registration and possible voting in several states, shows nothing at all about actual voting behavior, which is secret. Nothing in the data described can be used to reveal any voter's ballot choices.

  8. JHC_97

    DBA don't make me laugh from screenshot its a json db , you don't need dbs for the new non-sql databases as i heard my last boss tell a room of developers.

    1. Anonymous Coward
      Anonymous Coward

      Yeah, sounded like a Redis style database and config problem to me.

      1. Dissent

        Now that it's been secured, I can say: it was a misconfigured MongoDB installation.

  9. Anonymous Coward
    Anonymous Coward

    And yet governments worldwide are all pushing for more access to personal data, despite repeatedly proving that they are just they are just not competent to handle it.

    That brings the US's score to a third of the fucking population; with extra focus on and details for civil servants because OPM.

    Not sure how the UK is doing but I wouldn't bet my own money on anyone on the NHS or census or ID card databases not having their info collected by somebody. And remember we only hear about it when the good guys find it.

    Lie glibly on forms is my advice.

    1. Anonymous Coward
      Anonymous Coward

      Well, we are nearly all on an NHS database. there are 4 of them - one for each constituent nation - but aside from actual interactions with the NHS, no one collects the NHS/CHI/whatever number on forms.

      1. Anonymous Coward
        Anonymous Coward

        Yet

        AC wrote: "aside from actual interactions with the NHS, no one collects the NHS/CHI/whatever number"

        But the whole idea of the continuing care.data fiasco is so that Timothy Kelsey (who has now fled to Australia until the flak dies down a bit) could sell detailed and itemised information about your health and mine. Once that has been "acquired" by insurance companies (who are ostensibly banned at present from having it, but when was that a barrier?) then watch out for forms asking for information that could identify your NHS number.

        1. Anonymous Coward
          Anonymous Coward

          Re: Yet

          You think insewerants companies don't already have access to the NHS number database? Remind me: who are the companies that are taking over from the failed CSUs in the North of England?

  10. Barely registers

    Permissions...

    Is it read-only?

    Also, Bobby Tables.

  11. Bronek Kozicki
    Unhappy

    address, phone and DOB aside ...

    ... what has happened to secret voting in the US?

    1. This post has been deleted by its author

    2. James Wheeler

      Re: address, phone and DOB aside ...

      The short answer is that voting is still secret. The database does NOT contain a record of who someone actually voted for.

      However, registering to vote in the US involves claiming membership in a political party (or none, if you choose to be "Independent"). This party affiliation is a matter of public record and accessible to aggregation in databases such as the one described in this article. It determines which party's primary election you are allowed to vote in, and it also impacts which candidates will hound you for campaign fund donations.

      The real issue, I think, is that aggregation of personal information is lawful (and extremely profitable - see Google, Facebook, mailing list vendors, etc.).

  12. Anonymous Coward
    Anonymous Coward

    Could somebody please explain

    the bit about copper addresses? Wouldn't it be much simpler to follow one from station to home after work?

  13. John H Woods Silver badge

    "Wouldn't it be much simpler to follow one from station to home after work?"

    That would give you 1 address and would involve both more time and more risk. It's the same with a sexual predator following a young woman home, or an investment scammer following an older person home to see if they are likely to be asset-rich and income-poor (and a good target for an equity release scam). You'd still have more work to get a name and phone number (handy for "household surveys" where you can usually find out if someone lives alone --- especially if you have a handy conversation starter like registered political affiliation) but it's not going to be impossible.

    What IS going to be impossible, though, is finding thousands of targets this way. Finding a wallet with someone's name, address and phone number is completely different to finding a DB with millions of addresses and phone numbers. Sometimes the scale of a quantitative difference is so large it is more effectively interpreted as a qualitative difference: my engineering inclinations would ordinarily, depending on the context, put that "switch" between about 3 and 6 orders of magnitude.

  14. Anonymous Coward
    Anonymous Coward

    MongoDB on 27018

    Looks like the old MongoDB exposed on port 27018 , which by default, has no authentication. I wonder if you can still find this on Shodan.

    1. Dissent

      Re: MongoDB on 27018

      You're half-right. :)

  15. Anonymous Coward
    Anonymous Coward

    Nice work...

    Does the dude in the photo carrying the sign look like he has any brains? Maybe he's the one who made the data available online in one place?

  16. ecofeco Silver badge

    So?

    I was talking to a guy who buys junk cars and he has to be able to verify titles and the sellers. There is a database called PublicData where you can do pretty much the same thing. There are a host of others as well, some free, some with fees.

    Name, SS, address, cars owned, license tags, driver's license number, the works.

    We are ALL, already bagged and tagged. It is already far worse than you think.

  17. Anonymous Coward
    Anonymous Coward

    Norman Haberschnakel Choir Wants to Know

    Hope the Church of Later Day Saints, aka (the Mormons) gets a full download of the information to baptize the American Voters. Saves waiting for 2010 census reports. The "church" (which is the largest landowners in the US) holds the best genealogical data in 'Merica. It may be redundant since FBI and CIA are packed with my people, though this gives a good cover story.

  18. This post has been deleted by its author

  19. eldakka
    Facepalm

    A little Identity Theft anyone?

    If you forget your password/PIN, most financial/telecommunications/utility institutions are happy to provide information or connection/disconnection/transfer/PIN change/password change services over the phone once the caller identifies themselves by providing information that is known only to the customer, name, Date of Birth, Address and telephone number. All nicely parceled up for 191million Americans....

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like