Decrypting a Credit Breach

Wednesday was the one and only Back to the Future Day.  And though the trilogy, which as of yesterday is set entirely in the past, made some accurate predictions about the world we live in today, specifically in the second film, it didn’t get everything right.  The Internet, for one; not simply the servers and the cables, but how these new tools have transformed society, through everything from social media to data breaches.  With that in mind, the Experian/T-Mobile hack earlier this month throws into sharp relief a question that needs to be asked amid this swell of unprecedented cyber criminal activity.  That is, are credit monitoring agencies like Experian, which alone holds data on over 200 million Americans, really keeping your information all that protected?  Lawmakers and advocates alike are already asking this question, and asking the Federal Trade Commission and Consumer Financial Protection Bureau to investigate this particular incident.

Speaking to MarketWatch, Ed Mierzwinski, consumer program director at the U.S. Public Interest Research Group, muses: “If this database was less well-protected than the credit bureau database, why?”  Conversely: “If it was well-protected, are all 200 million credit bureau files at risk?”

More and more organizations are finding themselves targets for hackers, who are always gaining the confidence to go after bigger fish.  It’s not surprising.  The Office of Personnel Management breach highlighted the vulnerability of people’s data at the federal level; and even more recently, of smaller scope but no less magnitude, we saw how possible it is for a few teenagers to hack into the email account of the CIA’s director, John Brennan.  I bet that’s something Marty didn’t read in the headlines.  Doing nothing more than posing as a Verizon technician and tricking another employee into giving up Brennan’s personal information (like his four-digit PIN) was all it took for the hacker to take control of the director’s AOL account, calling AOL and providing them with the pertinent info.  From there, he was able to access several sensitive government documents that Brennan had forwarded from his work email to his personal account (so they claim, though it appears no classified information was revealed).  I’m not going to go into specifics or any personal details (though the same can’t be said of WikiLeaks), but contained within the files were the names and Social Security Numbers of several U.S. intelligence officials, so more than one individual was affected here.

It’s a little unnerving, the ease with which infiltrations like this can occur.  It becomes particularly worrisome when we’re talking about credit agencies, which hold, as stated, information on hundreds of millions of consumers, especially considering that opting out of an Experian credit check is not an option.  Will free credit monitoring be sufficient for victims of a breach?  Senator Sherrod Brown (D-Ohio) has called for Experian to offer free credit freezes, which are more effective than monitoring but also more expensive.  For my money, the larger the vault, the better the protection should be.

If not, the lawyers, who we have not in fact abolished, will be busy.

By: Jonathan Weicher