One of the big news stories from yesterday was how the personal and financial data for several well-known celebrities and politicians ended up being exposed online. According to a post today from Ars Technica, that data may have come from three big credit reporting companies – Equifax, Experian and TransUnion.
Those three companies have something in common – a website called annualcreditreport.com – where customers can go if they require a free copy of their own credit report. To get it they need to enter some personal information such as their date of birth, SSN and address, as well as answer a few multiple choice questions concerning previous addresses, loans taken, etc.
“What it appears happened is that personal identifiable information was evidently accessed or somehow obtained by the fraudsters who therefore were able to go into annualcreditreport.com and get some pieces of information on some individuals.”
Tim Klein, Equifax spokesman — Ars Technica
The site leaking the details now contains information about 22 individuals including the latest addition which is Tiger Woods. Equifax confirmed to Ars Technica that the details of four of those listed were “accessed inappropriately” from the annualcreditreport.com site.
Law enforcement are said to be investigating but the Exposed website posting the details is still very up and running and has now, at the time of writing, been viewed some 389,090 times.
Whether the details were acquired through hacking or not is questionable – in this day and age the person behind the leaks could just as well be using information that is all too easily garnered from other web properties or easily guessed, thus acting as a timely reminder for all that information security is becoming more important by the day.