The credit-monitoring service was criticized several months ago at
Krebs on Security:
An identity theft service that sold Social Security and drivers license
numbers — as well as bank account and credit card data on millions of
Americans — purchased much of its data from Experian, one of the three major credit bureaus, according to a lengthy investigation by KrebsOnSecurity...
These services specialized in selling “fullz” or “fulls,” a slang term
that cybercrooks use to describe a package of personally identifiable
information that typically includes the following information: an
individual’s name, address, Social Security number, date of birth, place
of work, duration of work, state driver’s license number, mother’s
maiden name, bank account number(s), bank routing number(s), email
account(s) and other account passwords. Fulls are most commonly used to
take over the identity of a person in order to engage in other fraud,
such as taking out loans in the victim’s name or filing fraudulent tax
refund requests with the IRS...
Experian rebutted the allegations, and Krebs has recently
replied to their rebuttal.
In summary, Experian wants you to remember that the consumer data
sold to Ngo’s identity theft service didn’t come directly from its
database, but merely from the database of a company it owns. But
happily, there is no proof that any of Ngo’s customers — who
collectively paid Experian $1.9 million to access the data — actually
harmed any consumers.
Readers who find all of this a bit hard to swallow can be forgiven:
After all, this version of the facts comes from a company that has been
granted a legal right to sell your personal data without your consent
(opting out generally requires you to cut through a bunch of red tape
and to pay them a fee on top of it). This from a company that is
quibbling over which of its business units profited from the sale of
consumer records to an identity theft service.
No comments:
Post a Comment