By now, news of the Experian/T-Mobile hack has traveled far and wide, stirring up public ire and prompting demands for a broader investigation into the data breach. And while the event is just one of many high-profile compromises to make headlines lately, it stands out from the rest for a number of reasons. How does the rising tide of cyber threats impact consumers in a world that revolves so heavily around credit?
It’s worth mentioning that the big three credit reporting agencies—Equifax, TransUnion, and Experian—have all been breached on numerous occasions in recent years. The last of the three, however, seems caught up in repeat offenses: last year, a breach at an Experian subsidiary exposed the Social Security numbers of 200 million Americans, prompting law enforcement to launch an investigation across four states. And in 2011, Experian’s databases were again compromised, resulting in the theft of consumer credit reports and notifications sent out to victims in six states: Maine, Maryland, New Hampshire, New Jersey, North Carolina and Vermont.
As one of the world’s largest and most important data brokerages, Experian is responsible for a large segment of the consumer population’s financial fitness. Many of the recent data breaches involve Experian partners, not the credit bureau behemoth directly—but there’s arguably little difference in the outcome. In fact, cyber criminals are increasingly targeting third parties connected to credit reporting agencies’ data stores as an easy attack vector—the latest Experian/T-Mobile hack being the most prominent incident to date, impacting 15 million customers of the mobile telecom giant.
T-Mobile USA’s CEO John Legere was quick to respond in an open letter to customers regarding the data breach.
“I am incredibly angry about this data breach and we will institute a thorough review of our relationship with Experian, but right now my top concern and first focus is assisting any and all consumers affected.”
Suffice it to say, Mr. Legere—along with 15 million other Americans—is less than pleased with Experian’s data security standards.
Richard Blumenthal—Connecticut Senator and former attorney general with a track record of investigating credit-rating agencies—had this to say regarding the domino effect of credit agency/3rd party data breaches:
“This is profoundly important, because it illustrates a growing problem when it comes to data breaches and security—the chain is only as strong as its weakest link. If their customers have inadequate security practices, so do the credit bureaus.”
In a move that many critics view as adding further insult to injury, Experian offered two free years of credit monitoring services (a service that Experian owns) to victims of the data breach. And—wait for it—Experian also peddles its own brand of cyber insurance.
Repeat data breach offenders that consistently fail to provide adequate IT security may be nearing their day of reckoning, as legislation holding them accountable is reportedly materializing. In the interim, credit agencies should perhaps be held liable for poor cyber security credit, just as the average consumer is penalized for unscrupulous fiscal practices. Of course, all this can be avoided with the proper security mechanisms in place. To this end, UpGuard automatically monitors enterprise IT environments for vulnerabilities and security gaps that commonly lead to data breaches.