You are hereHome >
Statement can be attributed to Mike Litt, U.S. PIRG Consumer Advocate, on announcement of Yahoo data breach.
"The announcement of a data breach affecting at least 500 million Yahoo accounts two years after the fact raises troubling questions about how the breach was able to take place, especially after a breach of 450,000 of its accounts in 2012, and why it took so long to discover and announce. It is troubling that the breach was only discovered after a review of its security systems in response to an unconfirmed claim of a separate breach. Although it failed its responsibility to protect its users, Yahoo has an opportunity to provide the most consumer friendly response to one of the largest breaches of its kind by alerting its users to the benefits of credit freezes and offering to pay for credit freezes with all three major national credit bureaus.
“The types of stolen information -- which appear to include names, email addresses, telephone numbers, dates of birth, and in some cases, encrypted or unencrypted security questions and answers -- do not appear to be the types of information that can directly be used to commit existing or new account identity theft.
“However, the information stolen in this breach could be used to “phish” or gather additional information that can be used to access existing credit accounts or create new credit accounts. Everybody, whether they have a Yahoo account or not, should be on the lookout for suspicious emails or phone calls asking for verification of or submission of even more personal information.
“It is imperative that Yahoo’s response to this breach not fall through the cracks as its acquisition by Verizon Communications is finalized. We agree with Yahoo in recommending its users change passwords and be on the lookout for suspicious activity on other online accounts.
“Yahoo should also alert its users to the benefits of credit freezes and offer to pay for credit freezes with all three major national credit bureaus. Such a response would be the most consumer friendly response to a major data breach and would be a huge advancement for identify theft prevention in our country. Due to huge marketing pushes by expensive credit monitoring services that only alert consumers to fraud after the fact, most Americans are not aware that they can actually prevent ID thieves from opening new credit accounts in their names in the first place by placing freezes on their credit accounts at all three national credit bureaus. Credit freezes help prevent new account identity theft because they keep potential creditors from seeing consumer credit history, without which new accounts are typically not opened.“
More information about placing credit freezes is available at http://uspirg.org/reports/usf/why-you-should-get-security-freezes-your-information-stolen
Our general ID Theft advice is here: http://consumertips.uspirg.org/identity-theft.html
U.S. PIRG Education Fund is a non-profit, non-partisan public interest advocacy organizations that stand up to powerful interests whenever they threaten our health and safety, our financial security, or our right to fully participate in our democratic society. On the web at uspirgedfund.org.
Your tax-deductible donation supports U.S. PIRG Education Fund’s work to educate consumers on the issues that matter, and the powerful interests that are blocking progress.
You can also support U.S. PIRG Education Fund’s work through bequests, contributions from life insurance or retirement plans, securities contributions and vehicle donations.