An Experian Glitch Exposed ALL Consumer Credit Files For SEVEN WEEKS Was Only Brought To The Attention Of Consumers This Week… WTF?
Brian Krebs has a mind-blowing story on his website that you simply must read. It revolves around consumer credit reporting bureau Experian and an issue that Krebs found and reported to the company. Here’s the TL;DR of what happened from the story:
On Dec. 23, 2022, KrebsOnSecurity alerted big-three consumer credit reporting bureau Experian that identity thieves had worked out how to bypass its security and access any consumer’s full credit report — armed with nothing more than a person’s name, address, date of birth, and Social Security number. Experian fixed the glitch, but remained silent about the incident for a month. This week, however, Experian acknowledged that the security failure persisted for nearly seven weeks, between Nov. 9, 2022 and Dec. 26, 2022.
The implications of this are staggering, as this information could be used to launch all sorts of identity theft campaigns, which is not only bad but the worst-case scenario possible. And the fact that Experian only told consumers this week is an absolute #fail.
Jack Nichelson, CISO of Inversion6, added this commentary:
The fact that Experian waited over seven weeks before notifying customers of the security risk is a serious concern. This delay in notification put customers at risk of identity theft and financial loss. By waiting so long to notify customers, Experian gave identity thieves ample time to access and potentially misuse customer information.
Furthermore, the fact that the security vulnerability persisted for nearly a month is also a cause for concern. This indicates that Experian’s security systems were not effectively detecting or addressing the issue in a timely manner.
This incident highlights the importance of prompt and transparent notification in the event of a security breach. Customers have a right to know if their personal and financial information has been compromised so they can take steps to protect themselves. Additionally, this incident raises questions about the effectiveness of Experian’s security systems and the company’s overall commitment to data privacy and security.
What needs to happen here is an investigation by the appropriate government agencies into Experian’s behaviour in this case, because quite frankly this is unacceptable and needs to be addressed in the strictest possible way.
This entry was posted on January 26, 2023 at 11:44 am and is filed under Commentary with tags Privacy.