Experian Bug Exposed Security Pins That Shielded Credit Reports
After a wild year of Equifax recovering from its massive data breach, which exposed personal information of millions of Americans, a new credit reporting bureau is in hot water.
A report by NerdWallet has revealed a serious flaw in Experian's security system, which was supposed to protect the pins of customers who wanted to unfreeze their credit reports.
Experian explains what a credit freeze is on its website, but issues in its own system allow criminals to do exactly what the company says a credit freeze is supposed to prevent in the first place:
"A security freeze will prevent potential lenders from accessing your credit report, stopping a thief from opening an account or getting credit—even if they have your personal information," Experian writes.
Experian's system issued consumers a PIN to access their frozen credit reports. However, if a consumer forgot their pin and wanted to retrieve it, they had to answer a set of security questions. Anyone could potentially access your report because Experian would accept a blanket "None of the above" answer to these questions.
Once someone had access to an account they could unfreeze the credit report and start to open credit cards in customers' names — pending other personal details like social security number and date of birth.
“This means that even if you had taken the step to freeze your Experian credit report, an identity thief could have unfrozen it and still tried to open a credit account in your name,” Mike Litt, a director for consumer group PIRG, told Yahoo Finance.
Experian confirmed the loophole did exist.
“While we are confident that our authentication is secure and no credit files are at risk, we have taken additional steps to make the process more secure,” Experian said in a statement. “We continue to regularly monitor our systems, taking immediate action when warranted to strengthen data security.”
Many consumers took advantage of credit freezes in the wake of the Equifax breach in hopes of protecting their identity and credit score. The Equifax breach exposed more than 148 million Americans' personal data including their social security number, address and more.
Since a credit freeze may not even protect your information it's important to routinely check your credit report to ensure that no new accounts have been opened in your name. A slew of banks like Chase, Citi and Capital One allow you to check your credit score for free through their websites.