SC’s Data Security Company Also Got Hacked
JUST HOW SAFE IS EXPERIAN? AND WHY IS SOUTH CAROLING PAYING THEM?
South Carolinians by the tens of thousands are signing up with Experian – one of the nation’s largest credit reporting firms – to protect their data in the wake of an unprecedented security breach at the S.C. Department of Revenue (SCDOR). In fact the state of South Carolina is paying (up to $12 million) to cover the costs associated with this protection – even though Experian is likely to make millions in recurring business off of the deal.
But will such a move do anything to make our state’s data safer?
And just how safe is Experian?
On October 29 – just three days after S.C. Gov. Nikki Haley first alerted Palmetto State residents that their personal information had been compromised – a Bloomberg report revealed that Experian’s network was also recently exposed to hackers. The company itself wasn’t hacked, but a Texas credit union – Abilene Telco – was breached (giving the hackers access to the bank’s Experian password).
“Cyberthieves broke into an employee’s computer in September 2011 and stole the password for the bank’s online account with Experian,” the Bloomberg report notes. “They took Social Security numbers, birthdates and detailed financial data on people across the country who had never done business with Abilene Telco.”
According to Bloomberg, there have been nearly 90 similar breaches at the major credit reporting agencies over the last six years.
Experian’s response to the breach wasn’t exactly comforting, either, with a company spokesperson telling Bloomberg that its ”first line of defense lies with end users who are obligated to manage and protect their credentials.”
More fundamentally, why is South Carolina paying $12 million to this company? After all, the cost of providing a year of free credit protection is nothing compared to the recurring business that Experian is going to generate as a result of signing up so many new customers.
Also a credit reporting expert told The (Columbia, S.C.) State newspaper this week that it was “negligent on the state’s part” to pay Experian – and that “this is not the best service to have chosen.”
More than 3.6 million Social Security numbers, nearly 400,000 credit and debt card numbers and tax information for up to 650,000 businesses were stolen from SCDOR beginning on August 27 of this year. The breach was never detected by the state – and it wasn’t until October 10 that the U.S. Secret Service alerted state leaders about the intrusion. After that it took Haley’s administration another 16 days to notify the public.
Haley has been roundly criticized for her handling of the breach, including numerous inconsistencies and outright lies included in statements she has made to the press. Haley will also miss an upcoming cyber security panel – scheduled by S.C. Treasurer Curtis Loftis prior to the breach – due to her political schedule.