U.S. probes hack of credit data on Mrs Obama, Beyonce, others
WASHINGTON (Reuters) - President Barack Obama said on Tuesday that U.S. authorities are investigating whether hackers unearthed and posted online financial information that belongs to first lady Michelle Obama and a variety of celebrities like Beyonce and Jay-Z.
"We should not be surprised that if we've got hackers that want to dig in and have a lot of resources, that they can access this information," Obama told ABC News. "Again, not sure how accurate but ... you've got websites out there that tell people's credit card info. That's how sophisticated they are."
The FBI and other U.S. agencies said they were investigating a website that posted financial and personal information about Michelle Obama, Vice President Joe Biden, other government figures and celebrities.
Some of the information was fraudulently obtained via a commonly used website for consumer credit reports, according to credit monitoring firm Equifax Inc, which said it was launching its own internal investigation.
It was unclear how much of the data, which first appeared on the website www.exposed.su on Monday, was accurate or who posted it.
The site listed Social Security numbers, telephone numbers, addresses and credit reports purportedly belonging to 18 prominent Americans. At least some of the telephone numbers were inaccurate.
The website, whose first page portrayed a mysterious-looking woman wearing heavy eye make-up with one finger over her lips, was still accessible on Tuesday although some links relating to individuals could not be opened.
Others listed on the page included FBI Director Robert Mueller, Attorney General Eric Holder, former Secretary of State Hillary Clinton, Los Angeles Police Chief Charlie Beck, actors Ashton Kutcher and Arnold Schwarzenegger, and property mogul Donald Trump.
Asked about the posting on Michelle Obama, Secret Service spokesman George Ogilvie said: "We are investigating the matter. Due to the ongoing investigation we can't comment any further." A Justice Department spokeswoman said the FBI was investigating.
Los Angeles Police Department spokeswoman Sara Faden said the department was also looking into the matter but said celebrities would have to file a police report to get their entry investigated.
It was not clear how many, if any, celebrities had filed a report. Faden said the entry of information purportedly on Police Chief Beck was being investigated.
Equifax, one of three main U.S. credit monitoring companies, said the information for four of the high-profile individuals was accessed through annualcreditreport.com, a shared website also used by rivals TransUnion Corp and Experian PLC. It did not name the four individuals.
The company's initial investigation found that the perpetrators had personal information on certain individuals that allowed them to pass authentication steps, company spokesman Timothy Klein said.
"The fraudsters would have had to have a lot of information ... this is pretty detailed stuff," he said. Those responsible for the breach would have had to know about mortgages, car loans, or other credit accounts to get the reports, he added.
Social Security numbers, home addresses and other personal information can be used for identity theft or other illegitimate purposes such as stalking.
Equifax said it was working to fix the problem, which Klein said involved the credentials used by the free public service website that allows consumers to pick which of the three credit monitoring companies' reports they want.
"We are actually taking the necessary steps to further improve and tighten the credentialing process," Klein said.
Six reports from Equifax were linked on www.exposed.su as of Tuesday afternoon and were for rapper Jay-Z, Holder, Schwarzenegger, Beck, former U.S. Vice President Al Gore and reality TV star Kris Jenner.
Experian said it froze the credit files of those "victimized by this malicious attack" and was investigating what information may have been compromised.
It said its own systems had not been hacked. But it said in a statement: "Criminals accessed personal credential information through various outside sources, which provided them with sufficient information to illegally access a limited number of individual reports from some US credit reporting agencies."
TransUnion said its systems had not been compromised. Representatives for Experian did not immediately respond to a request for comment.
The phone number given for Biden on the website turned out to be that of a store in Delaware, and one given for Kutcher was for a New York City accounting firm, raising questions about how much of the other information posted was accurate.
FBI spokeswoman Jenny Shearer said the website under investigation was an example of "doxing" in which someone creates a Web page with a list of personal information about a target.
"What we've seen on the website is an example of doxing, with pretty high-profile individuals, celebrities and public figures," Shearer said. "(It) doesn't mean it's true," she added.
Publicists for several of the celebrities named on the website and contacted by Reuters declined to comment.