Banks And Credit Unions Beware: Even After The $425 Million Equifax Settlement, Data Breaches Continue To Ravage The “Big Three” Credit Bureaus

As you may recall, in September of 2017, Equifax announced news of a massive data breach. It was one of the largest, most consequential data breaches in US history.

The names, social security numbers, addresses, birth dates, credit card numbers, driver’s license numbers and other personally identifiable information of over 140 million American consumers was exposed for exploit by cybercriminals.

As a result of this infamous breach, and the lack of safeguards implemented by Equifax, the company was sued and settled those lawsuits with the Federal Trade Commission (FTC), 50 US states and territories and the Consumer Financial Protection Bureau (CFPB).

The resulting settlement cost Equifax both $425 million in fines, and a serious loss of consumer trust.

Now, two of the other “big three” credit bureaus find themselves on the data breach hot stove as well. But the consequences this time around could be even more devastating.

For banks and credit unions, however, there’s an easy to implement defense that should be immediately deployed. It’s proven to not only help stave off the financial destruction brought upon by these data breaches, but promises to keep institutional, customer and member accounts far more secure than ever before.

We’ll discuss how banks and CUs can proactively deploy this ironclad and irrefutable defense system in a moment. But first…

In November of 2022, TransUnion reported a gigantic data breach to the Massachusetts Attorney General. According to the AG report, the PII of roughly 200 million customers was compromised. If correct, this number is far greater even, than the Equifax breach.

To put its size in perspective, this transgression could have exposed as much as 36% more consumer data than the mega-breach at Equifax. It’s that big.

Included in the stolen TransUnion PII were names, full social security numbers, financial account numbers and driver’s license information containing mailing addresses. Or, simply put, everything a cybercriminal would need to open illicit synthetic accounts, or to access actual customer accounts.

As a result, the company now faces a serious class action lawsuit, and if there’s a settlement it has the potential to eclipse the $425 million Equifax fine.

Now, according to the complaint, TransUnion knew it had serious issues with its data security before the breach.

Defendant knew that critical software was required to protect Plaintiff’s and Class members’ personal information….

“Yet, Defendant {TransUnion} knew that sensitive consumer information uploaded to its proprietary database was susceptible to security risks. Nonetheless, Defendant continued to store, maintain, and transmit extremely sensitive PII using this insecure software,” the complaint says.

Should TransUnion lose or settle this class action lawsuit, and the fine structure be similar to the Equifax settlement, TransUnion could be looking at well over a half billion dollars in fines.

But there’s more…

Experian, the largest of the “big three” by market capitalization, just had a major issue of its own.

According to an early January report from Brian Krebs“Identity thieves have been exploiting a glaring security weakness in the website of Experian

Normally, Experian requires that those seeking a copy of their credit report successfully answer several multiple choice questions about their financial history.

“But until the end of 2022, Experian’s website allowed anyone to bypass these questions and go straight to the consumer’s report. All that was needed was the person’s name, address, birthday, and Social Security number.”

Much of these data, unfortunately, are available for sale on the dark web, making criminal access to these credit reports rather easy. But fortunately, according to identity thieves, yes, identity thieves, the Experian website security loophole has finally been closed.

Too little too late?

How large exactly was the hole in Experian’s security?

How many consumers were affected?

How many bank and credit union accounts were accessed?

How many new fraudulent accounts were opened?

As of right now, we simply don’t know.

Speaking on data breaches and consumer protections, Senator Ron Wyden of Oregon said the FTC and CFPB must do more to protect Americans from these credit bureau breaches.

“If they {Govt agencies} don’t believe they have the authority to do so, they should endorse legislation like my Mind Your Own Business Act, which gives the FTC power to set tough mandatory cybersecurity standards for companies like Experian,” Wyden said.

Obviously, there is a major cybersecurity issue with the “big three.” An issue that must be addressed before even more serious breaches occur. And these issues must not only be addressed by government agencies, but by the credit bureaus themselves.

Afterall, if the complaint against TransUnion is true…

Defendant knew that critical software was required to protect Plaintiff’s and Class members’ personal information.”

… then it’s up to them to make the necessary fixes before more data breaches occur. And occur they will.

For banks and credit unions, these data breaches matter. While they have no control over the cybersecurity protocols of the “big three,” they certainly have control over their own fraud systems.

But clearly, legacy fraud solutions aren’t cutting it.

We mentioned earlier, how there is an easy to implement defense that all banks and credit unions should immediately deploy.

This defense has already proven to save financial institutions hundreds of millions in fraud losses, and is keeping customer and member accounts far safer than ever before.

But while this real-time solution is easy to implement and operate, the technology itself is incredibly complex.

It’s called RembrandtAi. The world’s most sophisticated, real-time, artificial intelligence-backed fraud detection and prevention system.

Rather than “looking” for fraud in post transactional batch data, RembrandtAi can discover fraud in real time, as criminals are conducting inter/intra-account transfers, attempting to open new illicit accounts or credit lines, are using stolen card data to make purchases, and more.

This technology, developed exclusively by ToolCASE, is light years ahead of any other fraud detection and prevention systems, and most importantly, light years ahead of the criminals who continue to exploit them.

In the wake of these massive data breaches, where PII and account data of unsuspecting victims is highly likely to be exploited (at the expense of banks and credit unions) …

It’s advised that all financial institutions implement RembrandtAi now, before it’s too late.

Discover how RembrandtAi, can help your institution potentially save millions of dollars in fraud losses, keep your customers and members better protected, and boost your bottom line at

Or, request a FREE demonstration of the remarkable capabilities of RembrandtAi, HERE