New PINs urged for Experian users
credit freeze and then place a new freeze.
People should start by checking their credit reports at Experian to see whether there are fraudulent accounts, said Mike Litt, U.S. PIRG consumer campaign director. “The security flaw appears to be fixed, but Experian still needs to notify consumers of the risk and tell them how to protect themselves.”
However, the company said it has confidence in its protections: “Taking into consideration the layers of security controls we have in place and that there is no risk to credit file data or (information that identifies consumers), we don’t feel it is necessary to replace PINs.”
Along with Equifax, whose breach exposed private information of an estimated 148 million Americans, Experian is one of the three credit agencies that handle huge amounts of consumer and business data. There is no practical way to keep data, such as Social Security numbers, drivers license information and personal finances, from being collected by the agencies.
Experian says it has credit information on more than 220 million people, demographic information on 300 million people, and data on 800 million vehicles and 40 million businesses.
While businesses are the customers of the credit agencies, consumers do have the option of freezing their credit — that is, preventing the opening of new credit lines as a defense against identity theft.
But a report from NerdWallet, an online consumer site, says that for some unknown period, Experian’s website had a flaw that left open the numbers that permit people
“The security flaw appears to be fixed, but Experian still needs to notify consumers of the risk and tell them how to protect themselves.” Mike Litt, consumer campaign director, U.S. PIRG
to freeze their credit.
The Experian system was set up to ask a user four personal questions before allowing them access. However, a user that did not know the answers could click “none of the above” to all the questions and would be given the PIN.
The Irish company, with U.S. headquarters in Costa Mesa (Orange County), says the flaw has been fixed, but has not responded to questions about how long the flaw existed.
Passwords are a crucial part of interplay between consumers and the financial system.
Equifax, which has spent several hundred million dollars improving its infrastructure since the 2017 data breach, says that passwords are largely up to users.
They should not use the same password for different accounts or share them with acquaintances, said Nancy E. Bistritz-Balkan, Equifax vice president. “Make sure that the password is strong.”