Who Has Our Credit File?

Interesting question, Isn’t it?

Who has our credit file…

The problem with answering that question, is there is not a simple answer that we want to hear, because the truth is a hard pill to swallow.

To do this, I would like for us to look back in our more recent history, so that we may follow a chain of events that leads us to where we have ended up at today. I will first present some scenarios to you, so that you are thinking in the same terms as we do in my business of Data/Information Security.

Let’s begin with our Credit Scores; We all know that we must have good credit scores in order to do the things that are necessary in life, such as buying a car or house, taking out a loan, and opening credit card accounts. Now most of us also know that there are “Credit Bureaus” which are responsible for those numbers being in existence. How often, though, have you considered that they must track your information and all of your purchases in order to produce and maintain those records?

The truth is: That is done continuously. Not only by the Credit Bureaus, but by a myriad of other organizations which have the sole purpose of monitoring and recording our transactions; they are Information Brokers. Our Personally Identifiable Information (PII) is something that is widely monitored by numerous groups for one purpose or another, and that information is also then bought and sold by Information Aggregators.

Very Interesting, right? I thought so too!

Of course, this brokering of information is all very benign in nature, because many businesses rely heavily on the exchange of this personal information, including law enforcement and the Federal Government. Did you know there are also organizations tied to the very Credit Bureaus whom provide us our credit scores, that are in business as Information Brokers and Information Aggregators?

I also found that very interesting, and I will explain why.

Many of these Credit Bureaus also have subsidiaries or child companies which provide “identity theft” related services, which amounts to nothing more than their customers paying them to monitor their credit, which is something that their organization is already doing. So, now, let’s add insult to injury in the fact that federal laws have been enacted which more or less requires corporations who are unfortunate victims of data breaches, and that number climbs daily it seems, to offer to their customers (the innocent victim) “identity theft” services. Remember the services I just mentioned that the child companies are offering? Well, guess what, take a look at who owns the company providing the services being offered next time you read a news report about a new business suffering from a data breach.

Let’s recap what has been covered: Credit Bureaus monitor our information; Information Brokers gather our information for the Credit Bureaus; Information Aggregators buy and sell our information which was gathered by the Information Brokers; Child companies of the Credit Bureaus are offering credit monitoring services for us when we become identity theft victims due to data breaches.

Now imagine for a moment what would happen if an Identity Thief were to impersonate one of these Information Aggregators… Scary, right? Well, unfortunately, it has already happened at least once – you will remember it as when one of the well-known Credit Bureaus alerted the public that they had been the victim of a breach. I fear that it will happen again

Businesses, I have found, have much at stake when it comes to their employees falling prey to the scenarios I have mentioned, both with the corporate bottom line as it relates to productivity, as well as the employees suffering from more medical related issues caused by the undue stress.