Yahoo’s disclosure this week that hackers gained access to information in a stunning 1 billion user accounts prompted consumer advocates to press for action.
“Although it failed its responsibility to protect its users, Yahoo has an opportunity to provide the most consumer-friendly response to likely the largest breach of its kind by alerting its users to the benefits of credit freezes and offering to pay for credit freezes with all three major national credit bureaus,” Mike Litt urged Thursday.
Yahoo has stopped short of such an offer. Spokeswoman Suzanne Philion told The Palm Beach Post the company’s investigation found “stolen information did not include passwords in clear text, payment card data or bank account information.”
In an abundance of caution, the company is encouraging users to “remain vigilant by reviewing your account statements and monitoring your credit reports.”
Freezing a credit file is not necessarily free for Florida residents unless they are over 65 or have been notified they are the victim of a data breach, The Post has reported. Yahoo users may want to ask about this as fees for a freeze can run $10 for each of three major credit bureaus.
Prominent tech-security blogger Brian Krebs has recommended consumers institute a freeze as a matter of course, not just in response to a particular breach. A freeze can make it much more difficult for someone else to open new credit in your name, but it may have to be repeatedly lifted and reapplied for users to go about getting legitimate loans and other transactions.
Messages from Yahoo to its users Wednesday recommended that some change their passwords.
The breach may have occurred as far as back as 2013, Yahoo disclosed.
“The latest announcement of a data breach affecting more than one billion Yahoo accounts over three years after the fact raises even more troubling questions about how the breach was able to take place, especially after a breach of at least 500,000 accounts in 2014, and why it took so long to discover and announce,” Litt said.