Monday, May 16, 2005

Responding to the Merlin breach

Yesterday, I posted about an incident involving Merlin Information Services (Incident: Another data aggregator provides personal information to impostors). Adam Shostack at Emergent Chaos picked up on the posting and wrote about it on his blog (Emergent Chaos: Merlin Information Systems, 9,000, Lying customers). He also points to the Press Room of Merlin Information Services, which is an interesting read. The company appears to be very open about the incident and is offering each affected consumer with one year of credit watching services and $50,000 of identity theft insurance. Of course they are strengthening their customer verification process to prevent people from fraudulently opening accounts with them, it's closing the barn door a tad too late.

While nobody would want to be one of the 9,000 affected people, the company's response may be the best that one can expect.

1 comment:

Tamara Thompson Investigations said...

I'm not sure that you're on the mark with your barn door analogy. Only one of Merlin Information's responses to their data theft is to tighten their screening, which any responsible company would try to do in this situation. The problems these data compromises point to is integral with our information based world, and not merely the failure of companies to act. See more at my posting, http://yourpinews.blogspot.com/2005/05/merlin-information-hit-by-data-theft.html