It seems that data breaches are becoming more and more common recently, in the last week there have been two more high profile cases with both Experian & Scottrade officially announcing that their systems have been compromised.
Experian/T-Mobile
On October 1st Experian confirmed that personal information of approximately 15 million consumers that applied for a T-Mobile post-paid services from Sept. 1, 2013 through Sept. 16, 2015. The following information was stolen:
- Name
- Address
- Social Security Number
- Date of Birth
- Identification number (typically a driver’s license, military ID, or passport number)
- Additional information used in T-Mobile’s own credit assessment were accessed
No payment card or banking information was stolen. If you information was accessed during this breach, you’ll be notify by mail and also have access to two years of free credit monitoring and identity theft resolution from protectmyid (this is required by law in the event of a data breach). You can access this at the following address:Â http://www.protectmyid.com/securityincident
Given that Experian specializes in compiling and maintaining data like this, it’s extremely worrying that somebody was able to access this information on their servers. I’d be surprised if T-Mobile continues to use Experian in the future, with a letter from their CEO stating:
Obviously I am incredibly angry about this data breach and we will institute a thorough review of our relationship with Experian, but right now my top concern and first focus is assisting any and all consumers affected
Scottrade
Scottrade’s data breach goes back much further, they recently released a statement that says that the personal data of approximately 4.6 million past & present Scottrade customers was accessed in late 2013/early 2014. They believe that the attackers were primarily focused on the names and addresses of Scottrade customers, although other information (such as Social Security Numbers) was stored on the same server that was accessed. Scottrade said they had no reason to believe that the trading platform or client funds were compromised in anyway.
Scottrade will provide one year of free credit monitoring through AllClearID, details of how to sign up will be included in the direct correspondence that Scottrade sends to customers that are affected.
What Should You Do
Even if you’re not the victim of one of these data breaches, you should always keep an eye out for suspicious behavior when it comes to your identity. There are a few simple things you can do:
- Use a free credit monitoring service to ensure nobody is using your identity to get credit in your name
- Regularly check your credit reports for anything unusual
- Always shred documents that contains personal information
- Follow up on anything that seems or looks suspicious
All of the really sensitive information in both cases (e.g social security numbers) was encrypted, which is a good thing but it’s amazing the damage people can do with such a little amount of information. I would have thought and hoped that two companies in the financial industry would have much better security than they apparently did.
Yey for more free credit monitoring…
I think I’ll freeze all credit reports. Sure, it’s a pain when churning, but it’ll just think of it as a necessary step, or the cost of keeping my information and financial information more secure.
Companies should be required to pay damages – period. This would put PROACTIVE responsibility on their shoulders, so that they must preventively upgrade their inadequate security BEFORE breaches happen. The current system is simply a proft-driven system: why invest more in security if nothing is forcing us to do this. Only invest when/if a breach occurs. Secondly, when a breach occurs, the only punishment is to provide free credit monitoring. There are no laws regarding this free credit monitoring. So like anything else, the free credit monitoring is put out to bid, and the provider with the lowest bid wins. Quality or thoroughness is not rated. Only price. So you get the same cheap crappy provider winning all of the bids from breaches affecting Home Depot, Anthem, T-mobile, etc. Consumers should be able to CHOOSE their free credit monitoring provider as a minimum. The whole system is a joke remedy.
The free All-Clear ID protection is a joke. All it does is monitor your credit reports for hits. I have it through an earlier data breach with my insurance. It has a clunky call you and then you call them back ID verification system. And, all of this so that you can say, yes, I did apply for that credit card. And, it has missed applications that showed up on CreditKarma/Quizzle/Sesame. The only reason to sign up for it is if they offer some sort of fix-it if your ID is actually stolen…
The pimps and whores in Congress could take their responsibility seriously and pass laws so that companies take their responsibility seriously. Right now there is not much downside to data breaches.
Not only that, a lot of Americans in general are smug assholes. When you express hesitation sharing personal information they will be either dismissive (making our jobs harder) or put up false bravado (breach won’t happen to us)
Sorry shouldn’t say a lot of Americans, should say (not a few people handling sensitive data)
Also there is general tendency to ask for more data than required. Personal Data should be need to know only. There should be laws about this.
Europeans are much better. I am amazed how much the American government screws it’s people in favor of for profit corporations.
So in Europe they don’t verify the identities of post-pay Cell phone users or people that trade stocks?
Thanks for this post. Missed reading you the last few days. This is absolutely my favorite manufactured spending blog