Who has our credit file?
Interesting question, isn’t it?
Who has our credit file…
The problem with answering that question is that there is no simple answer that we want to hear, because the truth is a hard pill to swallow.
To do this, I’d like us to look back at our most recent history, so that we can follow a chain of events that leads us to where we ended up today. I will first introduce you to some scenarios, so that you are thinking in the same terms as we are in my Data/Information Security business.
Let’s start with our credit scores; We all know that we need to have good credit scores to do the necessary things in life, like buy a car or a house, get a loan, and open credit card accounts. Now, most of us also know that there are “Credit Bureaus” that are responsible for making those numbers exist. However, how often have you considered that they need to track your information and all of your purchases to produce and maintain those records?
The truth is: That is done all the time. Not only by the Credit Bureaus, but by an endless number of other organizations whose sole purpose is to monitor and record our transactions; They are information brokers. Our personally identifiable information (PII) is something that is widely monitored by numerous groups for one purpose or another, and that information is also bought and sold by information aggregators.
Very interesting, right? I also thought the same!
Of course, this information brokering is very benign in nature, because many businesses rely heavily on sharing this personal information, including law enforcement and the federal government. Did you know that there are also organizations linked to the same Credit Bureaus that provide us with our credit scores, which operate as Information Brokers and Information Aggregators?
I also found it very interesting, and I will explain why.
Many of these credit bureaus also have subsidiaries or side companies that provide “identity theft” related services, which amounts to nothing more than their customers paying them to monitor their credit, which is something your organization is already doing. So now, let’s add insult to injury in the fact that federal laws have been enacted that more or less require corporations that are unfortunate victims of data breaches, and that number is increasing daily, to offer their customers (the innocent victims ) “identity theft” services. Remember the services I just mentioned that side companies offer? Well guess what, take a look at who owns the company providing the services being offered the next time you read a news report about a new business suffering from a data breach.
Let’s recap what was discussed: credit bureaus monitor our information; The Information Brokers collect our information for the Credit Bureaus; Information Aggregators buy and sell our information that was collected by Information Brokers; Secondary companies of credit bureaus offer us credit monitoring services when we become victims of identity theft due to data breaches.
Now imagine for a moment what would happen if an identity thief impersonated one of these information aggregators… It’s scary, right? Well, unfortunately, it’s happened at least once before: you’ll remember it as when one of the most well-known credit bureaus alerted the public that they had been the victim of a breach. I’m afraid it will happen again
I’ve found that companies have a lot at stake when it comes to their employees falling prey to the scenarios I’ve mentioned, both with the corporate bottom line in regards to productivity, and with employees suffering more medical problems caused by the undue stress.
