Barry Harrell has a follow-up on the Texas Comptroller’s breach that affected 3.5 million Texans.
I was interested to read that 100,000 people signed up for the offered credit protection monitoring, which is less than 3% of those offered it – at a cost to the state of $600,480. The state had originally offered those affected a discounted rate for credit monitoring services, but following public protest and media attention, changed the offer to free services.
That only a minority of people take advantage of offers to sign up for free credit monitoring is not new, but it’s somewhat mind-boggling to me that less than 3% of people informed that their information was available on the web for over a year took advantage of the offer. Is it that people are too lazy or disorganized to sign up, or that they don’t really believe they could be at risk, or what?
If studies show that consumers are concerned about ID theft or fraud but consumers don’t avail themselves of offered protections or free services, some might argue that federal law should be revised to allow the entities to enroll those affected in such services on their behalf. Readers may remember how Experian sued Lifelock to block them from placing fraud alerts as agents of the individuals. There was talk at the time of how the Fair Credit Reporting Act might at some point be revisited, but nothing ever happened.
I do not believe that breached entities should be able to sign individuals up for services they neither request nor want, and I realize that some might argue that the state wasted $600,000 for services that were not really needed since there has been no evidence of fraud (at least not yet).
But where do we go from here? Should we be encouraging people to sign up for such services when they are offered? If so, what do we need to do in terms of public awareness and education?