Equifax can't secure its sites and data or respond effectively to a data breach impacting 143 million people. Unfortunately its industry rivals and peers aren't much better.
If you were looking to put a credit freeze on your data after the breach, you learned that Equifax's industry is a bit messy too. Unreliable sites riddled with vulnerabilities, phone trees that don't work and sporadic checks to verify your identity are the norm.
Equifax debacle: Massive Equifax data breach exposes as many as 143 million customers | We tested Equifax's data breach checker -- and it's basically useless | Equifax's credit report monitoring site is also vulnerable to hacking | Equifax's big fat fail: How not to handle a data breach CNET: Find out if you were one of 143 million hacked
Three people executed freezes on their credit reports and found the following on Monday:
- Equifax froze your credit report via its online forms and issued a PIN number. The process was relatively easy, but there were no checks such as account history quizzes or verifying previous accounts.
- TransUnion appeared to struggle with call volume. One of the folks executing credit report freezes was able to use TransUnion's online form. Two other folks had to go through a phone tree, wait for a rep and then verify via questions about account history. A PIN would be mailed to you. TransUnion also pitched you to enroll in their monitoring service before freezing your credit report.
- Experian's site held up well, processed a credit report freeze and verified your identity. Of the three credit rating agencies, only Experian seemed able to handle requests well.
Later Monday, we learned that Equifax's credit monitoring site has an XSS vulnerability. Equifax's PIN issuance also created security issues. And the online form used to freeze your credit fell over completely.
What's more alarming is that the credit freeze volume probably wasn't that high. Google searches on credit freezes were up a bit, but well below the queries about the Equifax data breach.
Here's the alarming bottom line. The credit reporting services are functional at best and totally inept at worst. Equifax is obviously at one end of the inept scale, but there should be a deep dive on the entire industry. The credit watchers and their keystone cops technology routine also need to be watched.