Just as we were extolling the services of credit unions, I received an email today informing me (see the quoted text below) that my information was compromised. I closed the account a couple of years ago and that was the last of the small financial institution relationship I had.
"What Information Was Involved?
The information in the accessed databases included first and last name with Social Security number, Driver’s License number, date of birth, and/or email address. Not every data element was present for every individual."
That is an extensive breach which makes me think their data segregation was not proper.
"[W]e contained the threat by proactively disabling all unauthorized access to our network, restoring all data, and immediately commencing a prompt and thorough investigation. We also notified law enforcement. As part of our investigation, we worked very closely with external cybersecurity professionals experienced in handling these types of incidents. The investigation revealed that an unauthorized party gained access to our network on May 23, 2024, leading to access to the databases on June 29, 2024. Following the investigation and a thorough review of the data involved, we confirmed on August 14, 2024, that the accessed databases contained your personal information."
Patelco does not say if they paid the attackers but they say they restored all the data. I think in most cases the Ransomware attackers delete the information accessed if they are paid. How can I find out if they paid the Ransomware attackers?
"What You Can Do
To help protect your information, we are offering a complimentary two-year membership of Experian IdentityWorksSM Credit 3B. This product helps detect possible misuse of your personal information and provides you with identity protection services focused on immediate identification and resolution of identity theft."
I already have credit frozen at all three credit unions (Experian calls it "security freeze"). Experian had said that they send you an alert every time someone tries to access your credit file. I recently opened a B0A account and evidently BoA checks your credit file but I have not received any alert.
Does anyone have experience with "Experian IdentityWorksSM Credit 3B"? Any negatives in signing up for this service?
Thanks.
Comments
I loathe the cybercriminals who do this!
https://shelftalkblog.wordpress.com/statement/
We have to work with the world as is.
There have been previous posts on data breaches - MOVEit data transfer, Inforsys/MacCamish, etc.
A typical deal offered is 2-3 years of credit monitoring by one of the credit agencies or 3rd parties like Kroll.
The biggest breach of all may be the NPD - National Public Data breach that will affect almost everybody. NPD is a national database used for background checks & fraud prevention and it most likely has your data too.
As much as I hate having too many accounts open, it's good to have multiple credit cards and bank accounts just in case one of them gets hit by something bad.
And those of your deceased ancestors (I checked). Check yourself, your family, your friends, etc. here. You just need full name, state, and year of birth. Sloppy data but pretty broad reach.
https://npd.pentester.com/search
I have had a credit freeze for years. When I called the provider offering credit monitoring from one my many hacks, they said a credit freeze prevents them from monitoring your account.
We have had our data hacked so many times I have lost count.
https://innovis.com/
https://www.chexsystems.com/