So batteries.com had the usual security breach, lost the usual list of customer info, and sent out the usual letter advising the victims that they could get a free signup with Experian’s credit-report monitoring service.
So I signed up, which involved the usual exposure of sensitive parts of my ID anatomy, and was eventually told (despite answering everything correctly, AFAICT) that they couldn’t verify that I was, in fact, me and would send a paper form to my (presumably known-to-them) USPS address for confirmation.
The next day I get an email from “Triple Alert Redemption Customer Care <email@example.com>” with this helpful offer:
We employ a rigorous identity verification system in order to protect your personal information. Unfortunately, we could not validate your identity due to either technical difficulties with the system or information submitted that could not be confirmed.
To continue the order process, please contact customer care at 1-866-mum-bles, Monday-Friday from 6 a.m. to 6 p.m., Saturday-Sunday 8 a.m. to 5 p.m. Pacific Time. Please provide this Reference number (required):
Reference number: make-up-your-own
A representative will attempt to confirm your identity by asking you questions based on the information contained in your credit report. Please be sure to familiarize yourself with data such as the names of your lenders and account balances before you call. Once your identity has been confirmed, you will be provided access to your Triple Alert(SM) Credit Monitoring membership.
Now, it’s highly likely that the email is on the up-and-up, but this seems to be precisely one of those situations they warn about:
- you get an official-looking email
- call the phone number
- talk to the nice person
- answer a bunch of probing questions
- be assured that something pleasant will happen
Instead, I called the “Contact Us” number from their website. The nice lady didn’t see anything wrong with them sending out an email like that. Nay, verily, she offered to do the deed right over the phone. I respectfully declined… I can wait.
It’s worth noting that although it’s an Experian thing, the websites & email addresses involved include:
It’s enough to make you think longingly of cutting up your cards, digging a hole, climbing down, and pulling it in after you.
[Update: after a month or so, I got an email telling me that all was quiet on my Triple-Alert front and my delicate personal bits were in fine shape. A few days later, the long-awaited paper arrived with my confirmation numbers. So I suppose it’s working, but sheesh it doesn’t inspire much confidence.]