By SecureWorld News Team
Fri | Oct 5, 2018 | 8:29 AM PDT

We've written a lot on cybersecurity lessons from the Equifax mega-breach.

And now there's something to learn from a surprising cybersecurity problem at Experian, which is an Equifax competitor.

With every new data breach—including those hacks where credit card info is stolen from fast food chains—the suggested follow-up is to freeze your credit with the credit bureaus. A freeze is something you have to "un-freeze" before opening a new credit card or taking out a loan, such as the one for your new car or a mortgage.

And that's where NerdWallet found out about a major security loophole at Experian:

"Experian’s site exposed the personal identification numbers—the PINs needed to thaw credit freezes—after users answered their security questions with a blanket answer: None of the above."

That's right: if you answered "None of the above" to the security questions, you were given the secret code to un-freeze someone's credit.

That's like an identity thief's dream, isn't it? 

Experian tells NerdWallet it has fixed the problem.
