You may remember when Choicepoint, the data aggregator and vendor of personally identifiable information fell prey to a very simple ploy. Some Nigerian data thieves became customers and proceeded to download thousands of records. ChoicePoint is finally settling a class action law suit that arose from that incident almost four years ago. The price tag is $10 million. Ouch.
The lesson is obvious: you have to think through all possible scenarios when making critical data available to your customers including what should be obvious - that your customers may be crooks. There are deeper questions though. The credit bureau's and ChoicePoint ( a spin off from one of the bureaus, Equifax) have created a world where credit histories can be used to open new accounts with credit card issuers, apply for loans, and rent apartments. If it were not for them thieves would have no reason to want to steal Social Security numbers and credit reports.
The real culprit is actually ChoicePoint itself and the three bureaus. By creating what is supposedly a superior solution than the old fashioned way of granting credit (knowing your customer, personal references, bank references, like they do it in most of the rest of the world) they have created a system that is prone to identity theft and over extended borrowers.
I suggest that the FTC, various Attorneys General, and the trial lawyers, target the credit reporting industry for reform. Maybe we can starve the cyber criminals out by making identities less valuable goods.