Three years ago today, I filed a complaint with the Federal Trade Commission about Experian’s data breaches.
Back then, I knew about 60 breaches of their credit reporting database due to client login credentials being misused. There were also other breaches of their database involving people being able to authenticate as others to obtain credit reports, but my complaint focused on client login credentials being misused. Keep in mind that this was all before the Court Ventures mess, too.
Under FTC’s procedures, I was never told what happened to my complaint, but I think we can all agree that we’ve never seen any announcement from the FTC concerning any consent order or data security enforcement action under Section 5. Nor have I seen any closing letter.
So here we are three years later. By now, I know of about 109 breaches of their database due to client login credentials being misused (not counting the Court Ventures mess). I stopped keeping track of the other type of breaches involving authentication, but there have been more of those, too.
And of course, what I know is likely only a subset of all of Experian’s breaches because most states do not have a centralized breach report database that can be obtained.
So is my complaint still under investigation by the FTC? Has the investigation been closed? We know nothing because of the FTC’s procedures for non-public investigations.
In the last three years, the FTC has pursued more than 50 data security enforcement cases. In my opinion, they have wasted incredible resources going after LabMD. In the meantime, Experian continues to compile more information on more consumers every day.
I’d love to know why there has been nothing public about this Experian complaint. Are they too big for the FTC to fight? Did FTC find the complaint unfounded for some reason? I would hope that no company is beyond the reach of the FTC when it comes to data security and protecting consumers.
Your information that you entered with the FTC was put into their secure database and as a result Federal, State or local law enforcement officers can serarch the information in the course of their investigation. The FTC does not have the authority to bring criminal cases, they help victims of identity theft by providing them with information and steps to take to resolve identity theft issues. Your information is stored for up to 3-5 years for referencing any complaints you have filed with them. Check out the website if you need more information http://www.ftc.gov/idtheft
My complaint was an advocate, asking the FTC to bring a data security enforcement action. I don’t need info on ID theft. Consumers need the FTC to hold businesses – and credit reporting agencies – to keep our data secure when they promise to do so.
Well, that sounds like we have to get the FTC some authority to help with investigations. Because as of now, FTC has not authority to do anything other than being a place of resources. I feel the injustice of all the callers I speak to when I take their complaints, and I feel good when I provide them with the helpful information. However, I too hope that something does get put in place to put an end to all these outrages ways that people can breach or expose people’s personal information. My biggest problem in relation to these breaches is with the SSA. They are the ones who really should have more hands on help to secure and provide ACCURATE information on how to protect peopple’s SSN. Until they give the SSA some type of authority, I think we will continue to see problems like this coming into the FTC daily.
“Because as of now, FTC has not authority to do anything other than being a place of resources” <--- That is inaccurate. FTC has authority under Section 5 to enforce data security to protect consumers.