Case of the Missing Password

TRW Information Services in Orange, Calif., the largest credit-reporting agency in the U.S., keeps credit histories of some 90 million Americans. Access to its files is gained with a computer password, actually a number code. Last week TRW officials confirmed that an account password had been filched from one of its creditor subscribers, a West Coast Sears store. It was then posted on so-called electronic bulletin boards, which almost any computer enthusiast can hook into through phone lines.

The code was changed by TRW as soon as it learned of the security breach, and it was not known how much damage, if any, had been done by unauthorized use of credit information. The potential was immense. Using the password, plus other easily available information, a person could display anyone's credit history to obtain credit-card numbers. Those could be used to order merchandise by mail.

TRW has stepped up efforts to make its system more secure, but there are limits. Companies that grant credit want relatively easy access to the files to check out customers, and any move toward tighter security will make it more difficult and expensive to use the service.