Calls for improved security legislation after TransUnion breach

Enhanced federal legislation and closer scrutiny of user behavior were at the top of leading security professionals' wish lists this week as news of last month's theft of a TransUnion PC containing the personal credit information of about 3,600 clients spread.

One of three companies in the U.S. that monitor consumer credit histories, TransUnion said it has been checking the credit status of all victimized customers and does not believe that any fraudulent activity has taken place since the burglary of its California sales office last month, it said Wednesday in a statement.

The breach of private financial information is yet another call for new federal security laws, said Paul Kurtz, executive director of the Cyber Security Industry Alliance, who added, "I don't think we should be surprised that we're hearing about another breach."

"In general, (the 14 online security bills waiting to be acted upon in Congress) are all talking about putting reasonable security measures into place, such as notifying the consumer (in case of a breach), as well as the Federal Trade Commission in some cases," he said. "I think that there are concerns that (some of the bills) are not strong enough."

TransUnion officials notified local law enforcement, their own response team and the 3,600 customers who had credit information stolen, a spokesperson said Tuesday. The company has also provided victims with a toll-free number to speak with fraud-response officials, a free year of credit monitoring and a copy of their credit reports from all three nationwide credit bureaus at no cost.

Prat Moghe, chief executive officer and founder of Tizor, said the TransUnion case made him ask the question, "Why was secure information in a soft computer?"

Moghe said he wants corporations to monitor users with access to sensitive information more closely.

"This demonstrates that there are about 30 to 40 ways to get (confidential information). This is like getting the keys to the vault," he said. "Are (companies) really monitoring who has the information?"

Moghe said he also believed stronger federal legislation would be helpful in keeping private information out of the hands of criminals.

"I don't think that (the law) goes far enough today," he said.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.