Can Identity Theft Protection Services Get Hacked?

Question

I recently was dumbfounded by a question whether identity theft protection services can get hacked. Me and my family we're T-Mobile customers in the US and after the recent T-Mobile hack we got free Identity Theft Protection from McAfee for two years.

Now I was setting this up for my family and when I was entering all the information of my mother in law, she asked me, what if now I give them all my information and then they get hacked. I had no good answer. I actually think her's was a very good question: If T-Mobile can get hacked, then why can't McAfee get hacked too? So why put more information out there?

So I thought I ask on this forum: What answer would you give my mother-in-law why we should give our information to McAfee? Or why not?

Answer 1

There is no 100% security. There is no magic glitter an identity theft protection service (or any other service) can sprinkle on their infrastructure to make absolutely sure it will not get hacked. There are companies though where protecting data is a core business while for others protecting data is only a nuisance. This means they will invest different resources and expertise on it.

In other words: the identity theft provider might be better in protecting the data but it will not be perfect. Same as having a healthy live style will reduce the risk for getting sick but it will not eliminate it.

Apart from that - the main point of an identity theft protection service is not to make your data inaccessible for others but to protect the data against misuse and to detect potential misuse. This means for example that businesses like banks will check with the identity theft services if there is some "lock" on this identity before doing any critical actions like issuing a credit in the persons name. Insofar the main point of a hack would not to get the personal information but to remove the lock or remove the monitoring for misuse.