The story looks like any other one. Hackers managed to get login credentials for Experian’s credit scoring reports after they broke into the systems of Abilene Telco Federal Credit Union last year. Nothing special.
Thinking of it, this is a very interesting attack vector: instead for going after the big, hardened system, the attacker goes for the soft target of lesser protected yet trusted customer of it. Of course it makes a lot of sense for the attacker, but it raises some tough questions regarding relationships of trust that you may have with your customers.
The main question is: if you let your customers access your sensitive information in a goodwill, do we have rights to check whether this information is secure? Are you responsible for it? Or do you just have to trust that your customer will not be abuse your trust?
I believe that we have a right and a duty to shape our relationship using both trust and control. Trusting alone does not make a job. It may be even undesired by you and by your customers. They may not want to trust you and may not care whether you trust them.
So, next time before you grant someone access to your data, run Trust-O-Meter on them. Then, shape their relationship using Trust Journey. You may be positively surprised with results.