Yahoo Data Breach Reminder: Credit Freezes Remain Only Prevention of New ID Theft

The latest announcement of a data breach affecting more than one billion Yahoo accounts over three years after the fact raises even more troubling questions about how the breach was able to take place, especially after a breach of at least 500,000 accounts in 2014, and why it took so long to discover and announce. Although it failed its responsibility to protect its users, Yahoo has an opportunity to provide the most consumer friendly response to likely the largest breach of its kind by alerting its users to the benefits of credit freezes and offering to pay for credit freezes with all three major national credit bureaus.

The types of stolen information, which appear to include names, emails addresses, telephone numbers, dates of birth, passwords, and in some cases, encrypted or unencrypted security questions and answers, do not appear to be the types of information that can directly be used to commit existing or new account identity theft.

However, the information stolen in this breach could be used to “phish” or gather additional information that can be used to access existing credit accounts or create new credit accounts. Everybody, whether they have a Yahoo account or not, should be on the lookout for suspicious emails asking for verification of or submission of even more personal information.

It is imperative that Yahoo’s response to this breach not fall through the cracks as its acquisition by Verizon Communications is finalized. We agree with Yahoo in recommending its users change passwords and security questions they might have reused for other online accounts and be on the lookout for suspicious activity on other online accounts.

Yahoo should also alert its users to the benefits of credit freezes and offer to pay for credit freezes with all three major national credit bureaus. Such a response would be the most consumer friendly response to a major data breach and would be a huge advancement for identify theft prevention in our country. Due to huge marketing pushes by credit monitoring services that only alert consumers to fraud after the fact, most Americans are not aware that they can actually prevent id thieves from opening new credit accounts in their names in the first place by placing freezes on their credit accounts at all three national credit bureaus.  Credit freezes help prevent new account identity theft because they keep potential creditors from seeing consumer credit history, without which new accounts are typically not opened.

In the 2016 session of the Maryland General Assembly, Senator Lee and Delegate Waldstreicher introduced legislation to provide free credit freeze’s to security breach vicitms. Maryland Attorney General Brian Fosh supported the bill.Just as Maryland was among the first states, in the 1990s, to provide free access to credit reports, it should also  provide more consumers more free access to credit freezes as the bill would provide to security breach victims (identity theft victims already can obtain free freezes).

More information about placing credit freezes.


Emily Scarr

State Director, Maryland PIRG; Director, Stop Toxic PFAS Campaign, PIRG

Emily directs strategy, organizational development, research, communications and legislative advocacy for Maryland PIRG. Emily has helped win small donor public financing in Baltimore City, Baltimore County, Howard County, Montgomery County, and Prince George's County. She has played a key role in establishing new state laws to to protect public health by restricting the use of antibiotics on Maryland farms, require testing for lead in school drinking water and restrict the use of toxic flame retardant and PFAS chemicals. Emily also serves on the Executive Committees of the Maryland Fair Elections Coalition and the Maryland Campaign to Keep Antibiotics Working. Emily lives in Baltimore City with her husband, kids, and dog.

Find Out More