Bloomberg: Bank Hackers Stole Experian Credit Reports
The hackers used a bank's Experian account password to access 847 credit reports.
According to Bloomberg's Jordan Robertson, hackers who accessed a computer at Abilene Telco Federal Credit Union in September 2011 were able to steal the bank's Experian account password and download credit reports on 847 people, including their Social Security numbers, birth dates and detailed financial information.
"The incident is one of 86 data breaches since 2006 that expose flaws in the way credit-reporting agencies protect their databases," Robertson writes. "Instead of directly targeting Experian, Equifax Inc. and TransUnion Corp., hackers are attacking affiliated businesses, such as banks, auto dealers and even a police department that rely on reporting agencies for background credit checks. ... This approach has netted more than 17,000 credit reports taken from the agencies since 2006, according to Bloomberg.com’s examination of hundreds of pages of breach notification letters sent to victims."
"Jay Foley, a partner with the consulting firm ID Theft Info Source, told Bloomberg that the volume of seriousness of the breaches raises concerns that credit bureau haven't invested enough in anti-fraud technologies capable of drawing attention to suspicious behaviour by their clients," writes The Register's John Leyden.
"Not only is it time for Congress to enact legislation that creates a national repository of data breach notices that is available to the public on the Internet, but it’s time for Congress to enact legislation that requires more detailed disclosures in breach notices and sets a federal floor for breach notification that is at least as strong as the strongest state laws for breach notification," DataBreaches.net reports. "And some might argue that it’s time for Congress to enact data security standards that incorporate statutory penalties as an incentive for entities to do a better job of protecting consumers’ data. We do not choose to have our data in many of these databases and we are generally given no way to opt out. As consumers, we are at the mercy of their data security. And we need more protection."