Identity theft is alive and well despite moves by many to freeze their credit files at Equifax, Experian, and Trans Union. Reportedly, fraudsters are opening up new mobile phone accounts under the names of people who froze their credit following the massive Equifax data breach.
The 2017 Equifax breach, in which hackers pulled off a data heist that affected about 148 million Americans, set off a series of bungled actions that included misdirecting consumers who attempted to find out if they had been impacted.
Brian Krebs from KrebsOnSecurity explains, “The freeze process is designed so that a creditor should not be able to see your credit file unless you unfreeze the account. A credit freeze blocks potential creditors from being able to view or “pull” your credit file, making it far more difficult for identity thieves to apply for new lines of credit in your name.”
However, Carrie Kerskie, director of the Identity Fraud Institute at Hodges University in Naples, found that that mobile phone companies weren’t performing credit checks through the usual credit agencies. Instead, they were going through the National Consumer Telecommunications and Utilities Exchange (NCTUE), according to Krebs.
Quoting Kerskie, Krebs writes, “We’re finding that a lot of phone carriers — even some of the larger ones — are relying on NCTUE for credit checks. “It’s mainly phone carriers, but utilities, power, water, cable, any of those, they’re all starting to use this more.”
What makes this discovery alarming is what Krebs found when he scratched beneath the surface. It turns out that the NCTUE is composed of four organizations: Centralized Credit Check Systems, the New York Data Exchange (NYDE), and the California Utility Exchange.
As Krebs dug further, he uncovered three startling facts:
- Equifax operates the NYDE
- Equifax operates the California Utility Exchange; and
- Equifax is the sole contractor that manages the NCTUE database, which is hosted on Equifax’s servers
These findings become even more significant in light of the fact that the Equifax data breach probe has been moving at a sluggish pace.
Get the full story at KrebsOnSecurity.