Almost every day we read or hear about another company that failed to follow basic security principles, resulting in a hack and consumers having their credit and personal information floating around the ‘Dark Web’. Well, today was no different – fast-food company SONIC was the latest security slacker to get hit. It seems that ‘Joker’s Stash’, a group on the infamous Dark Web, is attempting to sell credit card information of 5 million people, and SONIC customers make up a portion of those.
Ordinarily this would be another ho-hum event, but the timing couldn’t be worse given the recent Equifax hack – SONIC may take a collateral hit from the blowback. It would appear that politicians are getting fed up with all the hacking and may introduce the Freedom from Equifax Exploitation Act or ‘FREE Act’ to take credit reporting agencies to task. According to Elizabeth Warren, a co-sponsor of the bill, it would-
The FREE Act allows every consumer to freeze and unfreeze their credit file for free. A freeze is like a “Do Not Call” list for your credit information. When your file is frozen, no one can access your data, and the credit reporting agency can’t sell it either. It’s partially about security—if your file is frozen, hackers who might have stolen your personal information can’t open credit cards or take out loans in your name.
Second, our bill requires any credit-reporting agency to fully and automatically refund your money if it charged you for a credit freeze after the Equifax breach. No one in the industry should profit from this hack.
Third, the legislation gives consumers access to a free credit report if they request a credit freeze, in addition to the free credit report that every American is entitled to every year.
Finally, the bill gives consumers whose personal data has been compromised access to fraud alerts. Fraud alerts are red flags in your credit report to alert whoever is looking at it that they should carefully verify your identity.
In addition, other legislation is being proposed to impose stiff fines on companies that are asleep at the security wheel.
Just another reason that CSOs and CIOs need to-