The Experian Data Leak: What Businesses Need to Know About Data Breach Impact
In addition to moving to a post-COVID environment, when it comes to data breaches, we must remember we are in a post-Equifax data breach world as well. In 2017, Equifax exposed over 145 million Social Security numbers which led to the overall compromise of nearly 148 million consumers’ Personally Identifiable Information (PII). This resulted in new legislation throughout the U.S., Europe, and Australia – most going into effect in 2018. Now, organizations must abide by notification rules and timeframes and a number of reporting requirements when they discover that sensitive data has indeed been breached.
The latest credit bureau security incident happened on April 26th, 2021, when an Experian data leak exposed the credit scores of tens of millions of Americans. The incident, uncovered by a college sophomore, was caused by an essentially unsecured Experian Application Programming Interface (API). It allowed lenders to pull FICO credit scores using publicly available personal information, without requiring authentication. Anyone with minimal coding knowledge who stumbled across the API could easily access private credit scores.
The technology breach highlighted increasing concerns surrounding APIs, which are often comprised of weak code ripe for hackers. According to Salt Security’s “State of API Security” report, 91% of respondents experienced an API security incident in 2020, and malicious API traffic is a growing risk for every business and consumer.
Although Experian has indicated it has “fixed” the vulnerability, there is concern that there could still be other lender sites that are not fully secure. Full accessibility to consumers’ credit score information is certainly not something that should be publicly available.
Intelligent Identity Security Provides Businesses with Protection from Increased Threats
This data leak is just the latest wide-reaching cyber threat in a world where security incidents and data breaches are the norm. According to IBM Security, data breaches include consumer personally identifiable information 80% of the time.
At Sontiq, we’re dedicated to building innovative products and services that make us all less vulnerable. Our Intelligent Identity Security solutions focus on protecting every component of an identity, helping ensure the security and privacy of confidential information.
We provide protection to companies in the most security-minded verticals:
- Financial institutions make use of Sontiq’s Identity Theft Protection, Check Fraud Protection, Mobile Defense Suite™, Business Suite, along with Breach RapidResponse and Breach Readiness programs.
- Insurance partners benefit from our cybersecurity education, protection, forensics, incident response, and resolution services.
- Employee Benefits teams offer our identity protection products and services as an attractive employee incentive.
- Commercial Organizations can take advantage of fraud protection services including identity theft protection, mobile cybersecurity, and breach solutions.
- Mobile Security and High Tech can adopt a solution of next-generation Mobile Threat Defense combined with identity theft protection, rolled out to internal employees, or sold externally as a value-added service.
- Public Sector organizations appreciate that we’ve been awarded GSA Tier One status as an approved supplier of credit monitoring, risk assessment and mitigation, breach analysis and response, and comprehensive protection solutions.
Sontiq Uniquely Delivers Personalized Breach Risk Intelligence
Recently, Sontiq announced that it acquired fintech provider Breach Clarity. As a result, Sontiq’s products, IdentityForce, Cyberscout, and EZShield which are all built on its tech-enabled Intelligent Identity Security (IIS) Platform, will include the proprietary capability, BreachIQ™. Sontiq is the first provider in the identity security marketplace to offer consumers an AI-driven and proprietary personalized risk score with actionable next steps based on their unique data breach history. Learn more about BreachIQ and gain unprecedented insight and recommendations to mitigate data breach impact.
When Stolen Identities Happen – 15-minute Live Webinar
Unfortunately, security incidents happen no matter how prepared we are. The volume, velocity, and variety of data breaches are staggering — from tax scams to child identity theft, to unemployment fraud and more. It’s why Sontiq provides world-class identity restoration services to help fix any damages caused by an information breach.
Data breaches and data leaks, like this latest Experian incident, lead most people to ask, “what can I do if my personal information is compromised?” To answer that, Sontiq is hosting a 15-minute webinar featuring an expert from its Restoration team who will cover the immediate steps to take when an identity is compromised. Actionable tips and free educational resources will be available to attendees. Register today to secure your spot.
Data Breach Resources for Businesses
View Sontiq’s additional data breach protection tip sheets, webinars, infographics, and much more, in the Resource Center here.
- Sontiq Trust Center
- 10 Tips for Data Breach Victims
- Understand the Basics of a Data Breach
- Data Breach Impact on Banks and Credit Unions
- 5 Tips to Strengthen Your Personal Data Privacy
- New Types of Identity Theft Are on the Rise
- Keys for Keeping Your Identity Safe During Tax Season