Hackers Can Unfreeze Your Frozen Credit Records

Back in May 2017, credit bureau giant Equifax had virtually its entire database of consumer credit reports stolen by hackers – more than 148 million in all. The attack occurred because Equifax failed to patch a software vulnerability it had known about months before the breach occurred.

I was one of the victims. If you’re an adult living in the United States, your files were likely compromised as well.

But unlike many of the victims, I wasn’t especially concerned about the breach. A big reason was that in response to previous attempts to steal my identity, I had placed a security freeze on my credit files.

A security freeze limits access to your credit report to companies that already have you as a customer. If you have a security freeze in effect and a hacker succeeds in impersonating you, they’ll find it almost impossible to benefit financially from having your information.

Credit bureaus hate security freezes, because they can no longer sell your data to the highest bidder. Instead, they’ll try to persuade you to sign up for a “credit lock” and credit monitoring services. Essentially, you pay a monthly or annual fee (which is often waived) for the privilege of having the company who should be keeping your data safe notify you when they fail to do so.

Don’t be fooled. A credit lock is only an agreement between you and the credit bureau. You’re bound by the restrictions in the fine print of the agreement, rather than by your state’s security freeze law. All 50 states have such laws in effect.

However, once you set up a security freeze, you might discover that hackers have unfrozen it without the credit bureau informing you. That’s the case with Experian, which doesn’t confirm you’ve lifted a security freeze unless you subscribe to the company’s credit lock service. This service costs $25 per month. One victim named John only found out the security freeze on his account had been lifted after receiving an email from Experian informing him the email address on his account had been changed.

Apparently, a hacker used Experian’s automated “forgot email/username” feature and was able to convince the credit bureau that they were John after correctly answering a handful of questions drawn from public records. The hacker then changed John’s email address, password, and PIN, locking him out of his own account. They also removed the security freeze.

John couldn’t reset his Experian password because the reset links he requested were sent to the hacker’s email address. He regained access to his credit account and reimposed the freeze only after a lengthy authentication process over the telephone.

This vulnerability is apparently unique to Experian. Both Equifax and TransUnion, the other two big consumer credit reporting bureaus, send emails to the address on file asking to validate account changes.

It’s simply inexcusable that in 2022, Experian doesn’t offer multi-factor authentication for resetting a security freeze. The company compounds the problem by “verifying” your identity using data from public records that can often be easily guessed by identity thieves.

However, this should hardly be a surprise. You don’t own the data in your credit records – the credit bureaus do. Indeed, these companies make billions of dollars in profits annually selling your data.

In the meantime, a class action lawsuit has been filed against Experian in California. The lawsuit alleges that Experian’s shoddy security practices violate the Fair Credit Reporting Act. This law, enacted in 1970, regulates data collected by consumer reporting agencies such as credit bureaus, medical information companies and tenant screening services.

We wish the plaintiffs the best in their fight to force Experian to change its attitude of depraved indifference to data security. But we’re not anticipating any significant legal breakthrough. As is usual in lawsuits of this kind, the only people who are likely to receive any money are the attorneys who filed it – assuming the lawsuit isn’t dismissed entirely.

In the meantime, we suggest you adopt the attitude we have regarding computer security in general. Instead of assuming our data is safe in the hands of third parties, we take it for granted that it’s not.

We understand that hackers have access to data that we once believed was private and that it might as well be pasted on the front page of The New York Times. And we grudgingly accept the fact that every database that stores this information has likely been compromised.

This status won’t change until lawmakers recognize that everyone has an ownership right to their own data, including data held by third parties. Ownership over your own data would give you the right, but not the obligation, to share it with others.

Your data has value. If you owned it, you’d receive a tiny royalty every time someone accessed it. You could also restrict your data flow if you chose. The blockchain technology that underpins cryptocurrencies could pave the way for secure markets for personal data, making credit bureaus obsolete and putting you in control of your data.

But until then, your only recourse is to take steps to protect yourself. And a security freeze – one that in Experian’s case you have to periodically reconfirm is still in effect – should be at the top of your list.

Follow these links to get started:

On another note, many clients first get to know us by accessing some of our well-researched courses and reports on important topics that affect you.

Like How to Go Offshore in 2023, for example. It tells the story of John and Kathy, a couple we helped from the heartland of America. You’ll learn how we helped them go offshore and protect their nestegg from ambulance chasers, government fiat and the decline of the US Dollar… and access a whole new world of opportunities not available in the US. Simply click the button below to register for this free program.

About The Author

Free Course

This new report shows you how to go offshore this year and protect your money from ambulance chasers, government fiat and the decline of the US Dollar.

Get our latest strategies delivered straight to your inbox for free.

Get Our Best Plan B Strategies Right to Your Inbox.

The Nestmann Group does not sell, rent or otherwise share your private details with third parties. Learn more about our privacy policy here.

The Basics of Offshore Freedom

Read these if you’re mostly or very new to the idea of going offshore

What it Really Takes to Get a Second Passport

A second passport is about freedom. But how do you get one? Which one is best? And is it right for you? This article will answer those questions and more…

How to Go Offshore
in 2023

[CASE STUDY] How we helped two close-to-retirement clients protect their nest egg.

Nestmann’s Notes

Our weekly free letter that shows you how to take back control.