Back to the Breach — or “Who Watches the Watchmen?”
Experian, one of the three primary credit reporting agencies, plays a significant role in determining your individual FICO score. In addition, they provide various “credit monitoring” services to address cybersecurity breaches or unauthorized access to your information.
Now comes news, right after last week’s AVPS newsletter went out, that Experian themselves have been hacked. The hack specifically involved T-Mobile prepaid customers. As the New Yorker reports, that breach “included access to a server that contained personal information for consumers who applied for T-Mobile USA postpaid services or products, which require a credit check, from Sept. 1, 2013 through Sept. 16, 2015.”
What Kind of Personal Info?
Well, as the article also notes, “although no financial information was stolen in the T-Mobile breach, the completeness of the data that was acquired is akin to a Lego set for an identity thief. The fraudsters can set up new lines of credit or file for phony tax refunds in our names, and there isn’t much we can do about it. The cybersecurity consultant Bryan Seely told the Seattle Times that, on a scale of one to ten, this breach rates a seven, because it included fifteen million Social Security numbers, along with names and addresses. ‘You can’t reissue Socials that easily,’ he said. Over the weekend, the e-commerce security firm Trustev claimed that it had found data sets from the Experian hack (were already) for sale on the dark Web.”
As the article continues (and like many reads in the New Yorker, this one is also worth your time): “Systems that genuinely protect data do exist, but more often than not companies have not made upgrades to their hardware and software infrastructures that would allow them to prevent breaches, detect them when they occur, and limit damage. The relevant practices might include robust data encryption; two-factor authentication for customers and employees; the virtualization of networks at all levels, including applications and data; and adequate monitoring, so that breaches can be addressed quickly.
“While it can be costly for businesses to put such systems in place, the pervasive failure to do so is harming the economy broadly.”
Which brings us to our second, and follow-up, item: How, you may wonder, is the EMV adaptation going, a week after deadline?
Cybersecurity Breaches and EMV Adaptation: A Week After Deadline
The PaymentsSource website ran an overview on who was ready, and who was not. And still, too many small merchants are not: “‘A big portion is because the merchants don’t understand the risk associated with this,’ said Wade Barnes, director of retail banking at 1st Mariner Bank in Baltimore.
“One of his bank’s customers is a bar that is not going to upgrade because its owner sees no reason to do so since the business has not experienced any losses. ‘We remind them that, you wouldn’t know of any losses because in today’s world, it comes directly back to the bank,’ Barnes said. ‘Moving forward, that liability will be on the merchant if the customer presents an EMV card. They don’t realize what the impact is going to be to them. I don’t think most merchants understand the amount of fraudulent transactions that actually happen.’”
According to the New Yorker, “Eight hundred breaches in one year (the 2014 figure) is a pretty good indication that the status quo isn’t working.”
So get your status quo working, upgraded, and fortified. Who Watches the Watchmen, as the old translated-from-Latin saying has it? Well, we’re “watching” and staying on top of everything — and we can help you do that.