Data Breach At Experian Credit Reporting Service
Monday, May 21, 2012
Experian has notified the New Hampshire Department of Justice of data breach where unauthorized third parties may have obtained consumers credit reports. The company discovered the breach in February 2012 and began notifying affected consumers on May 17, 2012.
The breach notice did not disclose the number of consumers affected. The unauthorized access occurred between November 2010 and March 2012. An investigation into the breach was conducted including the analysis of computer logs. In its breach notice, Experian stated:
"... we do not believe that any third party obtained access to any specific data elements that are covered by the New Hampshire security breach law because those data elements (e.g., financial account numbers) were redacted or truncated on any credit report disclosure..."
New Hampshire is one of about 46 states that require entities (e.g., companies and state agencies) to notify both the state and affected residents in each state whose personal information archived by that entity was lost, stolen, or accessed by unauthorized persons.
In its breach notice to consumers, Experian stated:
"While any consumer report will contain public information like name and address, Experian masks or displays only partial social security numbers, birth dates, and account numbers, so they are not identifiable and cannot be abused."
This is troublesome because, a) the breach went undiscovered for a long time, 16 months; b) partial social security and bank account numbers, partially masked, and c) the extremely sensitive personal and financial information contained in consumer credit reports.
Experian placed fraud alerts on the files of breach victims, and, of course, is offering breach victims two years of fee credit monitoring services through its ProtectMyID service.
Experian is one of the three larges credit reporting agencies. The other two are Equifax and TransUnion. Experian also operates the Triple Alert and FreeCreditReport.com websites. In 2010, the U.S. Federal Trade Commission changed the disclosre rules for web sites offering free credit reports. Consumers should know that the official webiste for truly free credit reports.
Experian's claim is Not true - somehow the data is being used and resulting in charges to peoples credit cards at their banks - including charges TO EXPERIAN !
Posted by: J Waters | Wednesday, May 23, 2012 at 12:03 AM
I second the comment above. I do not have an account with Experian, yet somehow my debit card was authorized for $19.95 by some guy I've never heard of. I've canceled my debit card and have requested a new one from my credit union. This makes me very nervous! Experian did credit my account and reported the charge to their fraud dept. What's even stranger? I was just telling my story to a coworker and he pulls out his Citibank statement and he has 2 charges for $19.95 from Experian! There has been a huge breach and someone isn't telling the whole truth!
Posted by: Askssk715 | Monday, June 18, 2012 at 11:08 AM
I just contacted experian last week about 2 fraudulent charges to my credit card. They credited it back to me and put an alert on my account. Today, my sister found 2 fraudulent charges to her credit card and is currently on the phone with them.... doesn't seem like there was no harm to me.
Posted by: sharp21 | Tuesday, July 03, 2012 at 09:20 PM
Just when we thought we could rebuild our credit score post-bankruptcy by utilizing the FCRA (fair credit reporting act) something else to worry about. That worry is CAIVRS - Credit Alert Verification Reporting System.
Posted by: attorney houston | Saturday, August 25, 2012 at 05:28 AM
There is no lock to resist to a thief ! That's the way it is. Credit card companies are searching all the time new systems to protect their clients from fraudulent charges, but thieves do always find new breaches.
Posted by: chantal | Tuesday, September 04, 2012 at 05:30 AM
This is true that the breach notice did not disclose the number of consumers affected. The unauthorized access occurred between November 2010 and March 2012.
Posted by: john | Saturday, September 29, 2012 at 07:43 AM
That’s true that Experian is one of the three largest credit reporting agencies, however there are three different credit reporting companies. These all three different credit reporting agencies are really good and provide exact reports to the consumers.
Posted by: John Martin | Wednesday, October 31, 2012 at 09:18 AM
The company has really discovered a very new breach. Now Experian can also provide data breach services. In this blog post you have also explained about the details of New Hampshire. I think this this new breach can be really beneficial.
Posted by: Peter | Tuesday, November 20, 2012 at 07:30 AM
I see the greatest contents on your blog and I absolutely love reading them.
Posted by: grahamgoch | Wednesday, February 13, 2013 at 05:35 AM