Team Clark is adamant that we will never write content influenced by or paid for by an advertiser. To support our work, we do make money from some links to companies and deals on our site. Learn more about our guarantee here.
Editor’s note: An earlier version of this story called this a “data breach,” when it is actually more of a security vulnerability that how now been resolved. Team Clark apologizes for the mischaracterization.
Credit-reporting giant Experian is saying that customers’ personal information is safe after a security flaw exposed people’s personal identification numbers (PINs) used to manage credit freezes. Personal finance site NerdWallet first reported the Experian security vulnerability, which has been fixed.
To retrieve your PIN online, Experian presents users with multiple choice security questions for identity verification. The problem was, by selecting “None of the above,” the site granted anyone access to a PIN that allows you to manage your credit freeze preferences. NerdWallet was able to replicate the breach after being made aware of it by a reader.
It’s worth noting that if you haven’t set up a credit freeze, you have nothing to worry about, since a PIN would only allow someone to thaw your credit, not gain access to your credit report.
The incident comes more than a year after the Equifax data breach, which increased scrutiny of the major credit-reporting agencies. The Experian data leak apparently only affected consumers trying to access their accounts via online. Mail methods are believed to have been unaffected.
RELATED: Protect yourself with Clark’s Credit Freeze Guide
An Experian spokesman told Team Clark: “There is not and never was a risk to consumer credit data, personal information or the security of our systems. A credit freeze PIN does not enable access to a credit file or consumer PII (personally identifiable information). Experian deploys multiple layers of security, many of those not visible to consumers. While we are confident that our authentication is secure, we have taken additional steps to make the process even more secure. We continue to regularly monitor our systems, taking immediate action when warranted to strengthen data security.”
Despite this latest lapse, money expert Clark Howard says credit freezes are still the #1 way consumers can protect themselves from identity theft and fraud.
The three major credit-reporting bureaus, Experian, TransUnion and Equifax, have moved away from PINs as a means of accessing your credit freeze online. When it comes to mail, though, the agencies still will need your PIN.
If you no longer remember your PIN or have misplaced it, the agencies want you to mail them identifying information. But you can also call them. See Clark’s Credit Freeze Guide for all the ways to reach them.
This post was last modified on May 9, 2019 11:11 am
If you've been considering signing up for one of the Chase Sapphire credit cards, now…
The costs associated with owning a home go way beyond the amount on the mortgage. …
Inflation hits people on a fixed income the hardest. Say you're retired. You're living off…
Deciding to save and invest are great habits. But once you check that box, your…
If you're considering subscribing to Fubo, you need to be comfortable missing out on some…
Are you looking for a way to earn 2% back on every purchase you make…