In a prior blog entry, I discussed IBM's data breach which affected an undisclosed number of current and former IBM employees. IBM offered its ID-theft victims one year of free credit monitoring with Kroll. This offer seemed attractive since prices range from "$50 to $200 per year" for a credit monitoring service. I signed up for Kroll's service in June to judge what Kroll provides -- and what IBM arranged.
Other ID theft victims are judging Kroll, too. DCG wrote the following comment about the credit-monitoring service IBM arranged with Kroll:
"I'm an EX IBM'er also. I enrolled in this service. It's a negotiated down version that's specific to IBM. They normally provide you with copies of your credit report from all 3 agencies. The deal with IBM does not provide this. Once you enroll, they need to "baseline" your credit - that means that they need to establish what lines of credit exist right now. If your ID is stolen already, you're screwed. It'll take 1-3 months from the date of enrolling before "Theftsmart" will start generating reports. There is zero data in my account right now. Lovely service, eh?"
When I checked my Kroll account, I noticed that mine was empty, too. When I compared my Kroll account to another credit monitoring service I've had since 2004, Kroll's service seems (so far) insufficient with far less information. For example, my other credit-monitoring service provides the full text of my credit reports from the three national credit bureaus, plus a lot more detailed information about my credit status. My Kroll account doesn't.
If DCG's comments are true, then IBM has taken a huge shortcut -- the cheap route by arranging a watered-down version of Kroll's services. I am trying to keep an open mind... to continue comparing my two credit monitoring services. In a future blog entry, I'll share my findings.
For a different opinion, a reader at radioAe6rt posted these comments about Kroll:
"You’re lucky that IBM chose the best IMHO. If you check out [Kroll's] coverage, I believe that you will find that it also is a UNIQUE restoration coverage, in addition to having a monitoring benefit. In a data loss of non-public information, IBM or any other company or organization, is liable for your losses plus fines under FACT. If a financial fraud is not contested within 60 days of the bill being mailed, then under FTC Regulation E, you owe that amount, even if it was mailed to a fake address. The average financial identity theft is over $93,000 and under FACTA, the company or organization is liable for that loss if the NPI data loss causes your identity theft. The few bucks they might save on a cheap MONITORING ONLY coverage, is minor compared to losing almost $100,000 per person. (Otherwise Penny wise, pound foolish)"
I will verify this reader's comments in future blog entries. More importantly, I get the impression that IBM's offer of free credit monitoring makes it easy for IBM to shift the liability for its data breach to the data breach victim. The logic: we've given you credit monitoring... if the victim doesn't check their credit, then it's their fault. I find this insulting... let's remember that IBM caused the problem in the first place by exposing personal data for an undisclosed number of employees.
This reader also wrote:
"To large companies they [Kroll] offer a coverage similar to what we offer to individuals. Kroll is the only company which I know of that offers a TRUE “RESTORATION” coverage which does virtually all the work to RESTORE your identity or your spouse or significant other. The next best thing is a “RESOLUTION” coverage which is often advertised to sound like a “restoration” coverage. The next best thing gives you advice, but the victim does all the work for an average of OVER 600 hours of a trial and error that can turn into a nightmare. Almost 1/3 (27%) of those who do-it-themselves FAIL and never get their identity fixed, even after 5, 10, or more years. A restoration coverage has experts do virtually all the work to restore your identity by you just giving them a limited power of attorney to do the WORK FOR YOU, if an ID theft is discovered. The victim will still need to file a police report and maybe appear in court."
"Kroll’s EXPERTS include former FBI and CIA agents, former law officers, forensic accountants, lawyers, etc. They are a 34+ year old publicly traded company with over 4,000 employees worldwide. They have been fighting identity theft for many years before the public became aware of it for the big corporations which are being hit. Then they decided they need to help those on the family side of identity theft. Most of the Identity theft services out there are only “monitoring” services either owned directly by the three main credit repositories (aka credit bureaus), or an affiliate who is reselling the services of these 3 companies. They may be offering the service under another name. I can send you more details about why restoration is the ONLY wise choice, and it can cost less than just a simple monitoring service. Ironically, a monitoring service can cost you DOUBLE what you can get the best KROLL coverage for at a discount, if the monitoring service charges full price to monitor each person in a couple."
Is this reader a Kroll employee or a paid consultant? I wonder.
Anyway, I can tell you this: I do not work for, nor am I affiliated with any computer manufacturing, software development, credit bureau, credit investigations, credit attorney, credit monitoring, or credit-consulting companies. You can rely on the fact that I've Been Mugged is independent. I've Been Mugged operates independently so my blog entries aren't tainted by corporate interests or hired consultants.
Like most other ID theft victims, I'm just an individual consumer trying to navigate a complicated ID-theft landscape which is full of potholes and detours. I am willing to ask the hard questions. I hope that you are, too.
What do you think of Kroll's services? If you are an IBM data breach victim, have you signed up for Kroll? Why or why not?