Credit reports and security in the offline world
Credit score is a number almost every individual in the country cares about. Your credit score determines if you can get a particular credit card, how much interest you pay on a loan, etc. Credit scores are calculated based on your credit report, an exhaustive account of all your past dealings with financial entities.
There are 3 major credit reporting agencies in the US: Equifax, TransUnion and Experian. The law requires each of these nationwide credit reporting companies to provide you with a free copy of your credit report, at your request, once every 12 months. Given the private nature of this information, you would assume they have mechanisms to let you access this information securely. TransUnion and Experian allow you access it online or mail, but for Equifax says the only way to get your report is via snail mail. What! why would anyone in 2017 send credit reports by mail; it insecure, can easily end up get lost / misplaced / in the hands of an identity thief. Below are two pages from an Equifax credit report I accidently ended up recieving.
By the virtue of getting access to the report, I now know the person's last 4 digits of SSN, bank account numbers, addresses, dob, etc. The following information in the hands of the wrong person can cause some serious damage.
The recent Equifax hack was an eye-opener. We suddenly came to know the gross incompetence of these agencies. Equifax ended up firing their Chief Security Officer who was a music major. Above example shows that these agencies still live in stone age and are not geared to ensure security and privacy of private information. Confidential information should not be sent via mail period. This is not the first post on this topic; hope some day these agencies mend their ways.