DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Changes Coming to Credit Agencies Won’t Stop Hackers

Posted on March 9, 2015 by Dissent

Jordan Robertson of Bloomberg reports:

The three big U.S. credit-reporting agencies have agreed to be more helpful. Errors in your credit history will now be easier to correct and delinquent medical bills will take longer to hurt your credit score. An agreement announced Monday between New York Attorney General Eric Schneiderman and Experian, Equifax, and TransUnion will limit the damage caused by inaccurate credit reports, which can sabotage home and car purchases, jack up interest rates, and sometimes cost people their jobs.

But one thing was missing from the list of reforms. The credit agencies have long been prime targets for hackers, and the agreement made no mention of improvements to cyber-security practices.

As Robertson reports, the type of Experian breaches this blogger has reported on numerous times – where client login credentials are compromised and used to access Experian’s database – have continued. Since Bloomberg News reported on the problem in 2012, there have been additional breaches, and I now have 109 of Experian’s own reports to state attorneys general describing such breaches of their credit reporting database. That number is likely an underestimate, as not all states requiring reporting to the state attorney general, and not all states make reports available under public records law.

As Robertson notes,  this activist “has been pushing the Federal Trade Commission to tighten the industry’s security practices.” I filed a formal FTC complaint as an advocate in April 2012, but have seen no public action by the FTC in response.

Is Experian too big for the FTC to hold accountable for data security? Why haven’t we seen any consent order or administrative law proceeding?

In response to Robertson’s questions:

Experian spokesman Gerry Tschopp said the company uses a sophisticated computer system to detect anomalies. “Data security and protection are a top priority, and we constantly invest in and evolve our systems to protect the integrity of our systems, our data and our platforms,” he wrote in an e-mail. TransUnion’s Clifton O’Neal said the company regularly reviews and tests its own internal security processes and controls. “However,” he added, “to maintain the integrity of our security procedures, specific details and efforts regarding those procedures cannot be disclosed.” And Equifax spokesman Tim Klein said: “The security and integrity of our data is of the utmost importance to us. Updating, enhancing the protections, ensuring they are as strong as possible, is an ongoing process for us and our data security team.”

Neither TransUnion nor Equifax have reported anywhere near the number of breaches due to compromised client login credentials that Experian has reported. And as both Brian Krebs and I have commented, when Experian’s database is breached by client login misuse, Experian offers consumers its own credit monitoring product. How convenient (and cost-saving) for them.

Robertson concludes:

Anything to make cleaning up identity theft easier is a good thing. At the same time, more transparency from the custodians of our most private information about how they safeguard to prevent attacks would be good, too.

To which I’d add: and more actual data security enforcement by the FTC would go a long way to getting the word out. That they have aggressively pursued LabMD while not taking action against Experian is just…. disturbing.

Category: Business SectorCommentaries and AnalysesOf NoteU.S.

Post navigation

← ANNOUNCE: Change your bookmarks and RSS Feed
Welcome, PHIprivacy.net subscribers →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Texas gastroenterology and surgical practice victim of ransomware attack
  • Romanian Citizen Pleads Guilty to ‘Swatting’ Numerous Members of Congress, Churches, and Former U.S. President
  • North Dakota Enacts Financial Data Security and Data Breach Notification Requirements
  • Pro-Ukraine hacker group Black Owl poses ‘major threat’ to Russia, Kaspersky says
  • Vanta bug exposed customers’ data to other customers
  • Lyrix Ransomware Targets Windows Users with Advanced Evasion Techniques
  • Central Maine Healthcare tackles suspected cybersecurity issue; hospitals remain open
  • Cartier Data Breach: Luxury Retailer Warns Customers that Personal Data Was Exposed
  • Beyond the Pond Phish: Unraveling Lazarus Group’s Evolving Tactics
  • Akira doesn’t keep its promises to victims — SuspectFile

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Supreme Court Agrees to Clarify Emergency Situations Where Police Don’t Need Warrant
  • Stewart Baker vs. Orin Kerr on “The Digital Fourth Amendment”
  • Fears Grow Over ICE’s Reach Into Schools
  • Resource: HoganLovells Asia-Pacific Data, Privacy and Cybersecurity Guide 2025
  • She Got an Abortion. So A Texas Cop Used 83,000 Cameras to Track Her Down.
  • Why AI May Be Listening In on Your Next Doctor’s Appointment
  • Watch out for activist judges trying to deprive us of our rights to safe reproductive healthcare

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.