Experian Credit Firm Hacked
-
@Dashrender said:
Without the credit agencies, how do other countries do credit checks?
Credit checks aren't such a part of daily life elsewhere. They probably have something like that, they probably also have laws about misrepresenting people that the US lacks. In the US, there is no federal ID system so nothing to base anonymous credit on!
-
@coliver My point is that they are putting people at risk, by not only running these kinds of businesses but also avoiding best practice, one such best practice Updating for Security Patches.
Which without any more details I can almost guarantee that is what they didn't do.
-
This is ridiculous. Of all companies, someone like Experian should have incredible security measures in place.
-
We can only hope that the penalties are severe. The problem here is that the free market will not regulate this because the people who are put at risk are not the people who choose to let their data be collected and exposed by the service. So there is no means by which anyone can protect themselves, not even by avoiding the company.
-
@Reid-Cooper said:
This is ridiculous. Of all companies, someone like Experian should have incredible security measures in place.
Their security measures are a joke. A few years ago I tried to obtain annual credit report for my wife, and couldn't do it online. I had to verify her identity over the phone. So I called one of the credit bureaus, and pretended to be my wife. The only questions they asked me was about some credit cards she had. And apparently I did a crappy job faking female voice, because at the end of the call the guy call me sir.
I can only imagine that a bit of social engineering, and someone convinced some of theirs (not the brightest) employees to install some malware. Mission accomplished. -
@marcinozga said:
@Reid-Cooper said:
This is ridiculous. Of all companies, someone like Experian should have incredible security measures in place.
Their security measures are a joke. A few years ago I tried to obtain annual credit report for my wife, and couldn't do it online. I had to verify her identity over the phone. So I called one of the credit bureaus, and pretended to be my wife. The only questions they asked me was about some credit cards she had. And apparently I did a crappy job faking female voice, because at the end of the call the guy call me sir.
I can only imagine that a bit of social engineering, and someone convinced some of theirs (not the brightest) employees to install some malware. Mission accomplished.I did a similar thing with a co-worker a few years ago but with Verizon. He needed to switch his phone and asked me if I could do it. They needed verification from his wife since she was on the account also. So they had her get on to confirm and she thought I was him! At the time we had a good laugh about it, but it's scary seeing how easy it is to get past these measures.
-
I've mistaken MYSELF for other people when I have heard a recording of myself.
