This post contains references to products from one or more of our advertisers. We may receive compensation when you click on links to those products. For an explanation of our Advertising Policy, visit this page.
After a wild year of Equifax recovering from its massive data breach, which exposed personal information of millions of Americans, a new credit reporting bureau is in hot water.
A report by NerdWallet has revealed a serious flaw in Experian’s security system, which was supposed to protect the pins of customers who wanted to unfreeze their credit reports.
Experian explains what a credit freeze is on its website, but issues in its own system allow criminals to do exactly what the company says a credit freeze is supposed to prevent in the first place:
“A security freeze will prevent potential lenders from accessing your credit report, stopping a thief from opening an account or getting credit—even if they have your personal information,” Experian writes.
Experian’s system issued consumers a PIN to access their frozen credit reports. However, if a consumer forgot their pin and wanted to retrieve it, they had to answer a set of security questions. Anyone could potentially access your report because Experian would accept a blanket “None of the above” answer to these questions.
Once someone had access to an account they could unfreeze the credit report and start to open credit cards in customers’ names — pending other personal details like social security number and date of birth.
“This means that even if you had taken the step to freeze your Experian credit report, an identity thief could have unfrozen it and still tried to open a credit account in your name,” Mike Litt, a director for consumer group PIRG, told Yahoo Finance.
Experian confirmed the loophole did exist.
“While we are confident that our authentication is secure and no credit files are at risk, we have taken additional steps to make the process more secure,” Experian said in a statement. “We continue to regularly monitor our systems, taking immediate action when warranted to strengthen data security.”
Many consumers took advantage of credit freezes in the wake of the Equifax breach in hopes of protecting their identity and credit score. The Equifax breach exposed more than 148 million Americans’ personal data including their social security number, address and more.
Since a credit freeze may not even protect your information it’s important to routinely check your credit report to ensure that no new accounts have been opened in your name. A slew of banks like Chase, Citi and Capital One allow you to check your credit score for free through their websites.
Featured image by i_frontier / Getty Images.
Know before you go.
News and deals straight to your inbox every day.
NEW INCREASED OFFER: 60,000 Points
TPG'S BONUS VALUATION: $1,200
CARD HIGHLIGHTS: 2X points on all travel and dining, points transferrable to over a dozen travel partners
- Earn 60,000 bonus points after you spend $4,000 on purchases in the first 3 months from account opening. That's $750 toward travel when you redeem through Chase Ultimate Rewards®
- Chase Sapphire Preferred named "Best Credit Card for Flexible Travel Redemption" - Kiplinger's Personal Finance, June 2018
- 2X points on travel and dining at restaurants worldwide & 1 point per dollar spent on all other purchases.
- No foreign transaction fees
- 1:1 point transfer to leading airline and hotel loyalty programs
- Get 25% more value when you redeem for airfare, hotels, car rentals and cruises through Chase Ultimate Rewards. For example, 60,000 points are worth $750 toward travel
- No blackout dates or travel restrictions - as long as there's a seat on the flight, you can book it through Chase Ultimate Rewards