Consumers may erroneously assume data brokers and credit reporting agencies have top-notch data security for all the sensitive and important data they store about us. To the contrary, these brokers and firms pose a huge risk to our data security. Investigative reporter Brian Krebs did an exposé last year on Experian. His follow-up post now is a chilling reminder of why consumers need to remain ever-vigilant and periodically check our credit reports to see if we spot any suspicious entries.
Krebs reports this week:
I recently ordered a copy of my credit file from Experian via annualcreditreport.com, but as usual Experian declined to provide it, saying they couldn’t verify my identity. Attempts to log in to my account directly at Experian.com also failed; the site said it didn’t recognize my username and/or password.
A request for my Experian account username required my full Social Security number and date of birth, after which the website displayed portions of an email address I never authorized and did not recognize (the full address was redacted by Experian).
The homepage said I needed to provide a Social Security number and mobile phone number, and that I’d soon receive a link that I should click to verify myself. The site claims that the phone number you provide will be used to help validate your identity. But it appears you could supply any phone number in the United States at this stage in the process, and Experian’s website would not balk.
Read more at KrebsOnSecurity.com.