Experian notifies consumers of a breach. Again.
Once again, Experian is notifying some consumers of a breach that resulted in their credit reports being accessed by criminals. The breach occurred on May 14.
In this case, the client whose login credentials were compromised and used to access Experian’s database was the Bluegrass Community Federal Credit Union in Ashland, Kentucky. Experian and law enforcement are reportedly investigating how that compromise occurred.
The consumers being notified were advised to check their credit reports, remove their name from mailing lists for pre-approved offers for six months, and add a security alert to their credit report with the three major brokers: Experian, TransUnion, and Equifax.
The four New Hampshire residents who were notified were also offered two years’ complimentary enrollment in Experian’s own product, ProtectMyID.
What’s notably missing from Experian’s notification to the state and those affected is any statement as to what Experian is doing or will do to prevent this type of thing from happening again.
As regular readers here know, this type of breach – where client login credentials are compromised and used to access Experian’s credit report database – has happened over 100 times by now. And that’s just the cases this blogger knows about; there may be many more that I will have not and would not uncover because many states have no centralized repository for data breach reports and/or do not mandate reporting of such breaches to the state.
In April 2012, this blogger/privacy advocate filed a complaint with the FTC over Experian’s repeated data security breaches. That complaint also mentioned – and has been updated to include other Experian breaches since then.
The FTC has yet to announce any action or response to that complaint.