Why Companies Won’t Learn From the T-Mobile/Experian Hack - The New Yorker

Excerpt from an Om Malik security reality check

"An offer of a credit-watching service in the wake of a hack is sort of like getting an alert after a fire has burned down your house. Moreover, in a recent blog post, Brian Krebs, of Krebs on Security, wrote, “Identity protection services like those offered by CSID, Experian and others do little to block identity theft: The most you can hope for from these services is that they will notify you after crooks have opened a new line of credit in your name. Where these services do excel is in helping with the time-consuming and expensive process of cleaning up your credit report with the major credit reporting agencies.”

Citizens often talk about the need for security and privacy, but we’ve proved mostly unwilling to hold the data leakers accountable. This isn’t the first time Experian has been accused of slipshod practices. As Krebs wrote in an earlier post, the company was recently sued because “it failed to detect for nearly 10 months that a customer of its data broker subsidiary was a scammer who ran a criminal service that resold consumer data to identity thieves.” (Experian contests the plaintiffs’ allegations.)"

Why Companies Won’t Learn From the T-Mobile/Experian Hack - The New Yorker