Experian, one of the biggest consumer credit reporting bureaus, likely put your full credit history into the hands of identity thieves last year. On Monday, news broke of a major flaw in the company’s website, which allowed anyone with your name, address, birthdate, and Social Security number to bypass a security check and get to your report.
First discovered by security researcher Jenya Kushnir, the exploit had an unknown duration and was only patched in late December 2022—seemingly after Brian Krebs of Krebs on Security, having been notified by Kushnir about the issue, brought it to Experian’s attention. (You can read the full details in .)
Given how many data breaches have leaked all the information needed by identity thieves (including the massive 2017 Equifax hack), you can now assume your private financial info is out on the web. Accordingly, you’ll want to be on guard against even more clever phishing scams in the future—the kind meant to disarm you with info you might assume only a legitimate source would have.
The good news is that your existing protective measures against phishing still apply here—you can look over our guide to the important basics if you need a refresher. But in the wake of this Experian leak, you should pay extra attention in a few specific situations:
- Receiving calls or messages from so-called Experian representatives. You could receive a phone call, text message, or…
