Our Daily Breach: Who monitors the credit monitor?
A breach settlement that Murdoc finds most unsettling.
This time last year a large, publicly traded credit monitoring service filed their SEC notice for a breach they discovered on July 19th. A year later the culprit behind this breach has not been identified and whatever they did with that all this employee & contractor data they collected for two weeks remains unknown to public. The company only stated:
"Due to requirements imposed by Massachusetts law, we are unable to provide further detail about the nature of this incident, but you may obtain additional information by calling the dedicated assistance line included at the end of this letter."
The weird part about this story is this same in their letter to the data breach victims CreditRiskMonitoring offers these victims, wait for it, MORE CREDIT MONITORING. This time with Equifax. Yeah dawg, that Equifax.
I spent the better part of the morning trying to understand the settlement claim. A credit monitoring company is offering the victims of their own data breach, more credit monitoring... from a different company?
If all these reports about the cost of a breach are to be believed, then a mistake on this level must have cost them both financially and in terms of reputation. So let's zoom out and see, what was the financial impact to CRMZ a full year later?
Wait what? Even CRMZ beat inflation (2.9% US 2024)?
As mentioned in earlier articles covering CCU, ticker symbol price isn't everything, but honestly I can't make sense of it either. For now, I'll just be staring at the ceiling wondering what do words even mean.
