In the past several years, hackers have focused many of their attacks on credit rating agencies because of the wealth of information these companies keep on consumers, and experts say it's becoming a real cause for concern.
Data shows that since 2006, more than 17,000 consumers in just six states across the country have been affected by hacking attacks against the three major credit reporting bureaus, according to a report from Bloomberg News. However, it's likely that these attacks are far more effective than that, as the incidents in the six states in question (Maine, Maryland, New Hampshire, New Jersey, North Carolina and Vermont) were only uncovered through public records requests.
For their part, the credit bureaus mostly say that they can do little to protect consumers from data breaches, especially because it wasn't their servers that were compromised, the report said. For example, in a data breach suffered by Abilene Telco Federal Credit Union last year, hackers didn't gain direct access to consumers' credit information, but rather uncovered the institution's login data for running credit checks on consumers through Experian. As such, they were able to download the credit documents for 847 people who never did business with the credit union, including their Social Security numbers, dates of birth and financial information.
Even though credit bureaus say they have little to do with these breaches and don't have the ability to meaningfully protect every bit of consumer data, the problem has certainly come to a head, the report said. Both houses of the U.S. Congress have begun full investigations into the way in which these bureaus compile, use and share consumer data, because the amount they control is massive. Experian alone has data on more than 740 million people.
"This is profoundly important, because it illustrates a growing problem when it comes to data breaches and security –the chain is only as strong as its weakest link,” Senator Richard Blumenthal of Connecticut, who once served as an attorney general, told the news agency. "If their customers have inadequate security practices, so do the credit bureaus."
Ondrej Krehel, chief information security officer for IDentity Theft 911, has a blog about the ways in which hacking attacks can compromise consumers' private personal data.
Data shows that since 2006, more than 17,000 consumers in just six states across the country have been affected by hacking attacks against the three major credit reporting bureaus, according to a report from Bloomberg News. However, it's likely that these attacks are far more effective than that, as the incidents in the six states in question (Maine, Maryland, New Hampshire, New Jersey, North Carolina and Vermont) were only uncovered through public records requests.
For their part, the credit bureaus mostly say that they can do little to protect consumers from data breaches, especially because it wasn't their servers that were compromised, the report said. For example, in a data breach suffered by Abilene Telco Federal Credit Union last year, hackers didn't gain direct access to consumers' credit information, but rather uncovered the institution's login data for running credit checks on consumers through Experian. As such, they were able to download the credit documents for 847 people who never did business with the credit union, including their Social Security numbers, dates of birth and financial information.
Even though credit bureaus say they have little to do with these breaches and don't have the ability to meaningfully protect every bit of consumer data, the problem has certainly come to a head, the report said. Both houses of the U.S. Congress have begun full investigations into the way in which these bureaus compile, use and share consumer data, because the amount they control is massive. Experian alone has data on more than 740 million people.
"This is profoundly important, because it illustrates a growing problem when it comes to data breaches and security –the chain is only as strong as its weakest link,” Senator Richard Blumenthal of Connecticut, who once served as an attorney general, told the news agency. "If their customers have inadequate security practices, so do the credit bureaus."
Ondrej Krehel, chief information security officer for IDentity Theft 911, has a blog about the ways in which hacking attacks can compromise consumers' private personal data.
