A year after offering free credit monitoring to all Americans on account of its massive data breach that exposed the personal information of nearly 148 million people, Equifax now says it has chosen to extend the offer by turning to a credit monitoring service offered by a top competitor – Experian. And to do that, it will soon be sharing with Experian contact information that affected consumers gave to Equifax in order to sign up for the service.
Commenting on how the controversial news could affect users, and the steps they can take to protect themselves, is Paul Bischoff, Privacy Advocate with Comparitech.
Paul Bischoff, Privacy Advocate at Comparitech:
“Equifax’s decision to share contact information of those people who signed up for its credit monitoring program in the wake of the 2017 breach with Experian mainly serves the credit bureaus and not breach victims. Without consent, Equifax unilaterally made a decision to share contact info of people who signed up for its TrustedID program – many of whom registered out of fear of consequences from Equifax’s own catastrophe. If TrustedID users take no action, their personal information is shared with a third party and they receive no benefit. Users must either affirmatively opt-out of the data sharing or enroll in Experian’s similar credit monitoring program, IDnotify.
Neither credit monitoring program actually protects you from identity theft. They merely notify you when new lines of credit open in your name. A better solution would be to put a credit freeze on your credit report, but doing so cuts into the credit bureaus’ bottom lines. A credit freeze blocks creditors from viewing your credit report, a service that creditors pay credit bureaus for. These credit monitoring programs, which are unregulated and can change at any time, are designed to steer people away from credit freezes with a faster an easier – but less effective – alternative.
If you want to sign up for the ID notify program, do so before freezing your credit. If you’ve already frozen your credit, it might not be possible to sign up.”
The opinions expressed in this post belongs to the individual contributors and do not necessarily reflect the views of Information Security Buzz.