Friday 9 October 2015

Experian - A World of Customer Info

Okay the title is a little in your face but joking aside this could have serious consequences to Experian. We all (should) know that when dealing with third parties can cause IT Security worries but you can't get away with the 'blame game' anymore. Below is taken from the BBC news website but be good to know people's thoughts...

The Public Interest Research Group (PIRG) have called for a Federal Investigation into Experian, following a major hack at the credit database firm. Experian claims personal data on 15 million T-Mobile US customers was stolen in the breach. The PIRG are backed by 28 other bodies and they fear the hack may have extended to the rest of Experian's credit database which holds personal information about some 200 million Americans, it said.

"A data security breach that affected Experian's credit report files would be a terrifying and unmitigated disaster," it added.

Experian has said the business was "completely separate" from its main credit bureau business, which was "not affected".

But in a statement, PIRG's consumer programme director, Ed Mierzwinski, urged both the Consumer Financial Protection Bureau and the Federal Trade Agency to investigate whether other Experian databases had been breached.

He said: "If the server holding the T-Mobile files was subject to fewer security protections than the full Experian credit reporting database, why?...If it was subject to the same protections as the credit reporting server, doesn't this raise the troubling possibility that the server holding highly sensitive credit and personal information of over 200 million Americans is vulnerable to a data hack by identity thieves?"

Krebs thoughts

Prominent cybercrime journalist Brian Krebs has also raised concerns about Experian's internal data protection policies.

In a blog, published on 8 October, he claimed to have interviewed "half a dozen security experts" who recently left Experian frustrated with its approach.

"Nearly all described Experian as a company fixated on acquiring companies in the data broker and analytics technology space, even as it has stymied efforts to improve security and accountability at the firm," he said.

Experian data has been breached before - such as in 2012, when an attack on an Experian subsidiary exposed social security numbers of 200 million Americans.

Cited and more on this story at BBC News.

No comments:

Post a Comment