Consumer Financial Protection Bureau Director Richard Cordray warns, "your information is always at risk, every day."
Last
month, a nationwide beauty products chain discovered a breach in its payment
systems and a fresh batch of 282,000 stolen credit and debit cards reportedly
went on sale in a popular underground crime store.
Also
last month, Indiana University reported that information including names,
addresses and Social Security numbers of those who attended any of the
university’s campuses from 2011 to 2014 was unsecured for more than 11 months
because security protections weren’t working correctly. Purdue associate professor of communication Josh Boyd states, “The recent security breaches at IU, at
Target, and the NSA revelations, I think are a good reminder that the online
environment involves no guarantees. If
you put information online and somebody really wants it, it’s vulnerable.”
About
the well-publicized Target security breach during last year’s Christmas
shopping season, Purdue professor of cyber forensics Marcus Rogers warns, "People have to be vigilant for
the next six months, year, even up to two years.”
The
ProtectMyID credit montoring service offered by Target is a product of
Experian, a credit reporting agency, and monitors
changes only to a consumer's Experian credit report. According to Consumer Reports, “The service can give consumers a false
sense of security, and Consumer Reports can recommend this deal in its present
form only as being better than nothing, and only for consumers who understand
its significant shortcomings.”
Last
month, Credit Karma settled with the Federal Trade commission on
charges that the company “failed to take reasonable steps to secure” its mobile
apps, “leaving consumers’ sensitive personal information at risk.” The company
offers a “free” credit score based upon a consumer’s TransUnion credit report.
“Credit
bureaus use many different scoring models, even within the same credit bureau.
Each bureau can use dozens of different credit score models based on the
requirements of different lenders,” Credit
Karma explains. “Each credit score
model has a slightly different formula that takes into account over 200
different factors of your credit report.”
The company also notes, “Because there are hundreds of credit scores
that measure many different probabilities, consumers should not be overly
concerned with the type of score or even their number.” An acquaintance has offered to share her
Credit Karma experience that may shed some light on how the company produces
revenue so it can offer the “free” service.
The Indiana Attorney
General informs consumers how to place
a security freeze with Equifax, Experian, and TransUnion. The Attorney General has also produced an ID Theft Victim Kit that outlines the steps to follow if a
consumer becomes aware that personal information has been stolen or used by
someone else.
The
use of a credit monitoring service cannot prevent ID theft, and it appears that
in some cases it may even increase the risk.
To monitor your own reports, order them through www.AnnualCreditReport.com, check
for accuracy, and make sure that any errors are corrected.
If
you’d like an estimated credit score, use a credit score estimator in which you do not disclose
personally-identifying information.
RELATED NEWS:
Today the Federal Trade Commission (FTC) announced that two data
brokers, Instant Checkmate, Inc., and InfoTrack Information Services, sold
consumer data in violation of the Fair Credit Reporting Act (FCRA).
The FTC alleges that Instant Checkmate
violated the FCRA by failing to maintain reasonable procedures to ensure that
those using its reports had permissible purposes for accessing them; furnishing
reports to users that it did not have reason to believe had permissible
purposes to access them; failing to follow reasonable procedures to assure that
its reports were as accurate as possible; and failing to provide FCRA-mandated
“User Notices” outlining several important consumer protections.
InfoTrack allegedly provided inaccurate
information suggesting that job applicants potentially were registered sex
offenders, possibly causing employers to reject their job application. Other charges include failing to notify consumers
when the company had provided public record information about them that is
likely to have an adverse effect upon their ability to obtain employment.
