Tuesday, January 30, 2007

Peace of Mind Despite a ConEd Foul Up

I just came across this post, "ConEd Customer's Personal Info Highly Vulnerable To Online Theft" from The Consumerist warning that ConEd's online account system can be cracked by running a simple "brute-force" program that basically tries every single numeric permutation of the ConEd account numbers (which is all that is needed to access an individual's account). As the Consumerist explains, once you are in a person's account, you have access to a bevy of valuable personal information. Not too good.

As a ConEd customer who pays via their automated online billing system, that definitely raised an internal alarm. And then, I'll admit, a sigh of relief. And so what follows is a plug for a recent Bessemer portfolio company, Lifelock. (Connecting the dots for full disclosure: I am employed by Bessemer, and therefore have invested interest in Lifelock.)

Lifelock provides what they call "Identify Theft Prevention." Basically, they proactively monitor unauthorized uses of your credit information. So if someone tries to use your social security number to take out a car loan, you get a phone call asking to approve that request, therefore enabling you to proactively thwart any unauthorized requests. As an added bonus, Lifelock also removes your name from pre-approved credit card lists (goodbye, CapitalOne!) and other junk mail lists.

I'll admit that when I first heard of Lifelock, it seemed to me that only the most risk averse of people would pay the ~$100/yr fee for this kind of protection. That was until I got a bill from Bank of America for something like $135. I didn't realize it, but I had already been paying BoA to protect my identity for the past year! Indignant for being charged for something I thought I had canceled a long time ago (I had signed up for one of those 30-day trials), I canceled the BoA service. But this suddenly left me feeling oddly exposed. I don't think BoA caught anything amiss, but how stupid would I feel if I canceled the service and then found myself sans identity!? This was all the impetus I needed to run to Lifelock's website and sign myself up for the 1 year contract. I'm very glad I did.

I'm not sure whether someone (or some people!) found the hole in ConEd's system already and has created a nice little database which includes my personal information, but I definitely feel some peace of mind knowing that I have some protection here. If you are in ConEd's system, you might want to consider doing the same. Because it is time we all realize exactly what I realized when I canceled my BoA service: our identities are exposed. And we need to be proactive to protect ourselves.