DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Changes Coming to Credit Agencies Won’t Stop Hackers

Posted on March 9, 2015 by Dissent

Jordan Robertson of Bloomberg reports:

The three big U.S. credit-reporting agencies have agreed to be more helpful. Errors in your credit history will now be easier to correct and delinquent medical bills will take longer to hurt your credit score. An agreement announced Monday between New York Attorney General Eric Schneiderman and Experian, Equifax, and TransUnion will limit the damage caused by inaccurate credit reports, which can sabotage home and car purchases, jack up interest rates, and sometimes cost people their jobs.

But one thing was missing from the list of reforms. The credit agencies have long been prime targets for hackers, and the agreement made no mention of improvements to cyber-security practices.

As Robertson reports, the type of Experian breaches this blogger has reported on numerous times – where client login credentials are compromised and used to access Experian’s database – have continued. Since Bloomberg News reported on the problem in 2012, there have been additional breaches, and I now have 109 of Experian’s own reports to state attorneys general describing such breaches of their credit reporting database. That number is likely an underestimate, as not all states requiring reporting to the state attorney general, and not all states make reports available under public records law.

As Robertson notes,  this activist “has been pushing the Federal Trade Commission to tighten the industry’s security practices.” I filed a formal FTC complaint as an advocate in April 2012, but have seen no public action by the FTC in response.

Is Experian too big for the FTC to hold accountable for data security? Why haven’t we seen any consent order or administrative law proceeding?

In response to Robertson’s questions:

Experian spokesman Gerry Tschopp said the company uses a sophisticated computer system to detect anomalies. “Data security and protection are a top priority, and we constantly invest in and evolve our systems to protect the integrity of our systems, our data and our platforms,” he wrote in an e-mail. TransUnion’s Clifton O’Neal said the company regularly reviews and tests its own internal security processes and controls. “However,” he added, “to maintain the integrity of our security procedures, specific details and efforts regarding those procedures cannot be disclosed.” And Equifax spokesman Tim Klein said: “The security and integrity of our data is of the utmost importance to us. Updating, enhancing the protections, ensuring they are as strong as possible, is an ongoing process for us and our data security team.”

Neither TransUnion nor Equifax have reported anywhere near the number of breaches due to compromised client login credentials that Experian has reported. And as both Brian Krebs and I have commented, when Experian’s database is breached by client login misuse, Experian offers consumers its own credit monitoring product. How convenient (and cost-saving) for them.

Robertson concludes:

Anything to make cleaning up identity theft easier is a good thing. At the same time, more transparency from the custodians of our most private information about how they safeguard to prevent attacks would be good, too.

To which I’d add: and more actual data security enforcement by the FTC would go a long way to getting the word out. That they have aggressively pursued LabMD while not taking action against Experian is just…. disturbing.

Related posts:

  • Equifax Reaches $1.4 Billion Data Breach Settlement in Consumer Class Action; Also Agrees to Pay $575 Million as Part of Settlement with FTC, CFPB, and States Related to 2017 Data Breach
  • Experian defends security protocols while investigations into its data security grow
  • EXCLUSIVE: U.S. Info Search is responsible for notifying victims of breach, not us – Experian
  • TX: Statement and Frequently Asked Questions about the 2018 ERS OnLine Security Incident
Category: Business SectorCommentaries and AnalysesOf NoteU.S.

Post navigation

← ANNOUNCE: Change your bookmarks and RSS Feed
Welcome, PHIprivacy.net subscribers →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • British national “IntelBroker” charged with causing $25 million in damages; U.S. seeks his extradition from France
  • France issues press statement about arrest of ShinyHunters members
  • Patients Allege Home Delivery Pharmacy Failed to Timely Notify Them of Data Breach
  • Hackers breach Norwegian dam, open valve at full capacity
  • Patient death at London hospital linked to cyber attack on NHS
  • ShinyHunters and team members arrested in France (2)
  • Texas Enacts Liability Shield From Punitive Damages for Certain Small Businesses That Adopt Cybersecurity Programs
  • Dublin ETB fined €125,000 for data protection breaches
  • From $5,000 to $800,000: Days Apart, OCR Security Settlements Show Puzzling Math
  • Liberty Township in Ohio has recovered its network after a ransomware attack

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • How Internet of Things devices affect your privacy – even when they’re not yours
  • Sky Views Personal Data as a Potential Weapon in IPTV Piracy War
  • Florida Used a Nationwide Surveillance Camera Network 250 Times To Aid in Immigration Arrests
  • Federal Court Strikes Down HIPAA Reproductive Health Care Privacy Rule
  • The Markup caught 4 more states sharing personal health data with Big Tech
  • Privacy in the Big Sky State: Montana’s Consumer Privacy Law Gets Amended
  • UK Passes Data Use and Access Regulation Bill

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.