*Editorial Note: This content is not provided or commissioned by the credit card issuer. Any opinions, analyses, reviews or recommendations expressed in this article are those of the author’s alone, and may not have been reviewed, approved or otherwise endorsed by the credit card issuer. This site may be compensated through a credit card issuer partnership.
This article was last updated Apr 17, 2014, but some terms and conditions may have changed or are no longer available. For the most accurate and up to date information please consult the terms and conditions found on the issuer website.
This week media outlets including Reuters and the Chicago Tribune reported that Iowa and North Carolina have joined Illinois and Connecticut in raising concerns about a data breach involving a subsidiary of Experian. The incident reportedly exposed confidential financial information including the social security numbers of some 200 million Americans.
NBC News quoted a representative of the Illinois Attorney General who referred to it as a multistate investigation. The states involved are trying to determine whether or not businesses took appropriate steps and used sufficient measures to protect the sensitive information. They also want to know if victims whose data was exposed were promptly notified and what the companies involved are doing to proactively protect them from financial harm.
Congressional Reaction and Criticism
As you may know, Experian is one of the “Big Three” credit reporting agencies in the USA. A breach of data of this magnitude at one its own subsidiaries may be the most disturbing aspect of the incident. In response, United States Senator Claire McCaskill of Missouri has expressed her desire for a federal law mandating standard procedures for notifying victims of these kinds of data breaches, and Experian representatives say they support such legislation. Back in December Senator McCaskill heard testimony from Experian executives regarding the data breach.
In a press bulletin from Reuters published this week though, Senator McCaskill criticized how Experian handled the matter.
According to Reuters correspondent Jim Finkle, Senator McCaskill was troubled to learn Experian has recently said it would not be able to notify people whose social security numbers were compromised in the scheme. Finkle’s article said that McCaskill told Reuters by email that she found it “troubling that Experian would wait three months after testifying, only to change their story, all while victims who had their identities stolen remain at risk as a result of this crime.”
The incident involved a Vietnamese man who is awaiting sentencing for crimes related to the data breach. He recently confessed in federal court that he used a false identity to open an account with a company by the name of Court Ventures. Over a period of about 18 months he then used that account to acquire confidential financial information that was, at that time, held by another enterprise known as U.S. Info Search.
A spokesperson for Experian said her company is cooperating with authorities, but she also added that notification of victims was the responsibility of U.S. Info Search. That’s because U.S. Info Search owned the database that was breached. Meanwhile, an executive for U.S. Info Search disagreed. He told Reuters that it was up to Experian to notify consumers since they were the ones who sold the data in question.
What You Can Do
As government officials attempt to sort out the situation as the various parties involved point fingers at one another, consumers want to know whether or not their private data is at risk. Experts recommend that consumers vigilantly monitor their credit card and banking accounts, even on a daily basis, and look for any suspicious charges or activity. You can also sign up for credit monitoring alerts through companies such as LifeLock. The Better Business Bureau also suggests contacting the other two big credit reporting agencies, TransUnion and Equifax, to request that a fraud alert be placed on your individual files.
You should beware, however, that doing so will basically impose a temporary credit freeze on your credit files that can cause long delays if you try to take out a loan. In the meantime, if you suspect that you are a target of identity theft contact your local and state authorities and notify your bank, credit card companies, and the “big three” credit reporting agencies.