Hackers chasing Australians with higher credit score, ClearScore data finds
A credit check provider has established a link between Australians with higher credit scores and the likelihood of a breach.
A credit check provider has established a clear link between Australians with higher credit scores and the likelihood of a breach.
Those with a credit score of 700 or higher accounted for 72 per cent of all attempted breaches last year among local customers at British FinTech ClearScore who had activated a premium protection service.
Of the 389,000 users who had activated that particular product called ClearScore Protect, which scans a database of stolen information uploaded to the dark web every three months on behalf of users, the company recorded 1.24 million breaches, a clear indication that those with higher credit scores were more likely to be targeted, said senior engineer Alex Berriman.
Determining which customers had higher credit scores was relatively easy for cybercriminals who used location-based data and information about a person’s employer and job role to determine their salary. “You can make some reasonable assumptions that an individual with a certain salary band who is living in a certain area is typically more likely to have a higher discretionary spend,” he said.
“Higher income individuals typically have a higher credit score and higher discretionary spending so they might be spending more on holidays or sentimental items based and attackers might look for patterns like that.”
Of those to activate ClearScore Protect, about 60 per cent had a credit score of 700 or higher.
The company recorded a 400 per cent spike in breaches in April last year, just weeks after financial institution Latitude was breached and 14 million records were stolen.
ClearScore, which has about 1.3 million customers, detected 375,000 instances when personal information belonging to its customers had been posted online in 2023.
Across Australia there are three main credit reporting bodies, Illion, Equifax and Experian, which provide reports to banks and other financial lenders when an individual applies for a loan.
How companies like ClearScore played a role was by using their data to provide a service. “What we essentially do is we ingest credit reports from two of the three bureaus in Australia and we allow our users to monitor that for free,” Mr Berriman said.
Credit reporting companies and their insights into consumer habits have proven particularly useful amid all the recent breaches, with their data used to determine if a hacker or criminal has attempted to take out credit under someone else’s name.
It has also become common for companies who have suffered a breach to offer credit checks and block services to their customers, with the nation’s second largest telco Optus one of the first major companies to do so following its breach in September, 2022.
Mr Berriman said the scope of breaches only continued to grow as more companies transition to digital services and payments. “As users continue to spend online, we’re seeing more and more highly sensitive data included in breaches.”
ClearScore had found a spike in attacks on users with a credit score of 800 specifically around the same time major breaches had occurred including the attack on Medibank which saw the details of near 10 million customers stolen.
Asked if Australians should be more careful about getting credit checks online after establishing a link with breaches, Mr Berriman said he believed it should be the opposite.
“What you sort of need to do is make sure you’re behaving in a way that reduces that risk, but also mitigate it when it happens,” he said, adding that actively monitoring your credit score could help stop further issues faster.
“While there are tools out there that in isolation might detect that your password has been breached, where ClearScore sort of shines is that we can identify our through tools when a password has been breached and then link that back to your credit report and score,” he said.
As most credit applications were now completed online, it had become easier for hackers to attempt to take out a product once obtaining identity documents and a victim’s home address, Mr Berriman said. “One of the best ways to not so much prevent but to deal with that type of situation is to identify an incident in near real time as possible,” he said.
ClearScore is one of several who now monitor the dark web in search of their users and any associated information that may be available for sale or trade.
Dark web reports are becoming more common, with companies including Google now offering the service as part of its Google One subscription service.
More Coverage
Bromance to brawl: Musk vs Altman goes nuclear
The two tech titans are in the meanest fight in business. The stakes couldn’t be higher.
OpenAI rejects Elon Musk’s takeover offer
The ChatGPT maker’s board unanimously turned down the billionaire’s unsolicited $153bn bid.