No, it’s not one of the monster breaches that Brian Krebs reports on, but the kind of smaller breach I’ve been tabulating wherein Experian fails to adequately protect consumer credit reports from someone stealing or misusing a client’s login.
In its most recent disclosure, dated November 8, Experian reported that individuals’ credit reports were accessed between October 25 and October 28 by someone or parties using the login of one of their clients, Quinn and LaGumina.
As they have done in almost 100 other breach reports of this kind that I have tabulated, they say they are working with law enforcement and investigating, but they do not tell the consumers what they are doing to reduce the long-standing and ongoing problem of people being able to login with others’ credentials too easily. In some cases, the login is not even coming from the same geographical area where the client is located. And the data thieves may not even be trying to access the credit reports during the client’s usual business hours. And yet they get in. Again, again, and again.
And as they have been doing for a while now, Experian offers those affected two years of free credit protection through an Experian service.
Note that neither TransUnion nor Equifax reports anywheres near as many breaches of this kind as does Experian.
But no one has done anything to compel them to improve their security to prevent this recurring problem. The FTC received my complaint in April 2012. Jordan Robertson of Bloomberg News reported on Experian’s breaches. And yet…. nothing?
You can read their latest breach notice here (pdf).