“Sophisticated” online thieves have stolen information from first lady Michelle Obama, Vice President Joe Biden, the FBI director and the Los Angeles police chief as well as several celebrities, including Beyonce, Ashton Kutcher, and Jay Z.

A website — which has an “.su” domain name, representing the old Soviet Union — posted what appears to be their credit reports and other information.

---

Some of the information, it turns out, is out of date . The website shows FBI director Robert Mueller living in San Francisco, for example. But other data appear to be accurate.

All of this kind of information can be bought online from commercially available websites, experts say, once someone's Social Security number and date of birth are known. 

Among other victims are former Alaska Gov. Sarah Palin and Los Angeles Police Chief Charlie Beck. Other celebrities targeted include Mel Gibson, Kim Kardashian, and Paris Hilton.

The FBI and the Secret Service say they are investigating the website. So is the LAPD, because so many of the celebrities live in Los Angeles, as does the police chief.

The existence of the website was first revealed on Monday, and as of Tuesday morning was still in online. NBC News is not disclosing the website’s address.

There is no indication that any of the information was obtained by computer hacking. Instead, those on the site now join the millions of other Americans who are victims of identity theft. There's no indication so far that anyone has tried to use the information posted on the site to pose as any of those targeted.

Credit report agency Equifax said that reports of some of the individuals were accessed through AnnualCreditReports.com, a website it owns with Experian and TransUnion.

"Equifax can confirm that fraudulent and unauthorized access to four consumer credit reports has occurred through the AnnualCreditReport.com channel, a free public service that allows all consumers to get annual access to their credit report," the company said in a statement. 

"Our initial investigation shows the perpetrators had the (personal information) of the individuals whose files were accessed and were therefore able to pass the required authentication measures in place. We have launched a full investigation into this matter and we are also working closely with law enforcement authorities on this matter."

Related: Celebrity hackers stole data from AnnualCreditReport.com, Equifax says

TransUnion said its systems “were not hacked or compromised in any way” but blamed the compromise on “sophisticated perpetrators.”

None of the people targeted by the website have yet come forward to comment on the accuracy of the information exposed. Representatives of those targeted either declined to comment on the accuracy of the information that was posted, or they did not return messages seeking comment, according to the Associated Press.

Stealing the personal information of celebrities isn’t new. More than a decade ago a California man masquerading as Tiger Woods used the golfing great’s name and Social Security number to buy big-screen televisions, stereos and other goods. Anthony Lemar Taylor was sentenced to 200 years in prison.

 

A new report by the Federal Trade Commission slams the nation's credit bureaus for upselling identity theft prevention services when victims call looking for help.

The report found that consumers face frustrating voice mail systems that often make it hard to reach a live operator, are confused about their rights and face unnecessary hurdles fixing credit report errors caused by identity thieves. It also pointedly raises the possibility that the new Consumer Financial Protection Bureau could initiate enforcement actions against the bureaus -- Equifax, Experian and TransUnion.

The report comes as that new agency is about to take on regulation of he credit bureaus, a major shift in the way they are policed. The bureau’s new powers will kick in this summer.

---

The FTC’s findings are the result of a years-long survey of 3,000 ID theft victims who had contacted the agency, and a subset of those victims. The study was mandated in 2007 by the Bush administration’s Identity Theft Task Force.

The survey takers were not scientifically sampled, so the results should not be extrapolated nationally. But they do offer insight into the struggle ID theft victims face when trying to recover from the damage inflicted by their imposters.

Pestered with pitches
The news wasn't all bad for the bureaus -- 68 percent of respondents said they were somewhat or very satisfied after their interactions with credit bureaus.  But there were plenty of complaints.  Chief among them: Victims are pestered with pitches when they are simply calling for help.

"They kept trying to sell me a fraud alert package and I often had to ask to speak to a manager to get them to put a freeze on my credit reports," said one victim quoted in the report.  Another complained:  "It was very difficult to avoid marketing." Several said that, as a result of the pitches, they ended up buying services they felt should have been free.

"Several consumers in the focus groups complained that they felt pushed into paying for additional services while placing their fraud alert,” the report said. One complained that when attempting to obtain a credit report, the respondent was tricked into signing up at a fee-based credit report website.

'They should be helping you'
But at least those folks got through the phone mail tree and reached a live person.  Many victims complained to the FTC that they "spent too much time navigating automated menus and being placed on hold."  One of three victims who called looking for help said it was either somewhat difficult or very difficult to get a human being on the phone.

"That's because operators are spending too much time selling things people don't need," said Ed Mierzwinski, head of the Public Interest Research Group, a public interest advocacy organization. "The bureaus are supposed to keep your information accurate. When you call to complain, you are a victim of their failure, and they should be helping you, not pitching you to buy their product that won't help you anyway.”

In 2000, the FTC fined the three bureaus a total of $2.5 million for failing to answer consumer phone calls in a reasonable amount of time, something they are obligated to do under federal law. The FTC didn't say whether it was considering a similar action in light of the complaints in the report, but it did issue a warning to the bureaus.

"Given these incidents, the Consumer Financial Protection Bureau, which has examination and rulemaking authority in this area, may want to address these practices," the agency said in its conclusion. "In addition, to the extent any marketing of identity theft protection products involves unfair or deceptive practices, the commission retains authority to bring enforcement actions to protect against such conduct."

Credit bureau TransUnion said that it takes consumer rights seriously.

"TransUnion was the first credit reporting company to establish a Fraud Victims Assistance Department," said spokesman Clifton O'Neal in a statement to msnbc.com "We established (it) in 1992.  Consumers calling (the number) are always presented with the option to speak to a fraud specialists to assist them and answer any questions.  In addition, consumers can easily place and remove fraud alerts and credit freezes online at TransUnion.com."

Equifax and Experian didn't immediately respond to requests for comment.

Confusion
There were plenty of other signs of dissatisfaction in the FTC report, including confusion over consumer rights. Many consumers didn’t know they could request that ID theft-related items be blocked from credit reports, for example. Others didn’t know the difference between free annual credit reports provided to anyone at http://AnnualCreditReport.com, and the free credit report that ID theft victims can obtain when they call a bureau to report the crime.  Such confusion also leads to unnecessary purchases, the report suggested.

Only 51 percent said they had received the free credit report they'd asked for from all three credit bureaus after reporting the crime. Some victims said they had to wait "weeks or months," and about 10 percent said none of the three sent a report.

"(One) participant did not receive the credit report until after the 90-day fraud alert had expired," the report said.

The biggest complaint involved trouble getting errors fixed: 29 percent said mistakes that landed on their credit reports were not corrected. 

"(It) was easier for the thief to change my info on my credit report than it has been for me to change it back. It's still not right," said one victim.

Tortuous process
Even consumers who were eventually able to beat back mistakes said the process was torturous. One in four said three to five phone calls were required to fix errors, and about the same number said they were "very dissatisfied" with the process -- the highest dissatisfaction rating in the survey.

 "(If) your identity is stolen it becomes a full-time job to get it fixed. Everybody, credit cards, banks, CRA want to pass the buck," said one victim quoted in the report.

Mierzswinski, who's testified about credit bureau misbehavior before Congress repeatedly during the past 20 years, said he's seen all these complaints before. But he's optimistic that the new consumer agency's power to regulate and sanction the bureaus offers a real chance to address some of the recurring consumer issues.

"All of us have been disappointed that the bureaus have really skated for a long time and gotten away with a lot of sloppy practices," he said. "The Federal Trade Commission never had the big guns, but the CFPB does. ... We think it will be an exciting time."

*Follow Bob Sullivan on Facebook     
*Follow Bob Sullivan on Twitter.