In northeast Texas, about 30 miles north of Dallas, there’s a big, nondescript building. It looks like a generic commercial property, neighbored by similarly bland structures and a few trees, making up a typical, unassuming office park.
You wouldn’t turn to look at it while driving past, but even if you did, you wouldn’t realize the walls are 16 inches thick, made of concrete and hurricane-proof. You wouldn’t notice the windows are fake. You wouldn’t know the property is mostly underground and requires 24/7/365 on-site security.
There are no weapons or national security secrets inside — this bunker guards your credit report. Specifically, it’s an Experian data center that harbors credit information of 220 million American consumers and 25 million U.S. businesses.
Behind the Scenes of Credit Reports
For most people, getting a credit report seems like a pretty small, simple thing. For example: You go to AnnualCreditReport.com, enter your name, address and social security number, answer some security questions and get one or more of your credit reports from one of the three major credit bureaus to download. If you run into verification problems, you may have to mail in a request. You end up with a few (or several) pages detailing your past use of credit and some personal details, like your address and employment.
A process that ends with a report in your hands starts in the depths of a massive server farm, where your and millions of others’ information is stored. The Experian data center in McKinney, Texas, is 74,500 square feet, stores nearly 1,000 servers and runs up a $70,000 energy bill each month. (It used to be $100,000 a month, but they’ve recently focused on increasing energy efficiency.) Beyond that, they have a control room that looks like it could launch a space shuttle (if they were only still in operation).
The physical security measures are intense — I mean, the thing is an underground, concrete fortress — and you have to get through several layers of restricted access points just to get around the areas of the center that don’t store the servers. We’re talking guards, security cameras and doors that only open with a badge and hand scan. Manual sign-in logs are compared with badge activity to verify people’s movements within the center. The building has more than 10,000 intrusion sensors.
Within those layers is a grid of servers standing taller than a grown man. Hundreds of them hum, generating reports as Experian receives the requests.
Guarding Precious Data
The data in this facility is mirrored at a similar center a few miles away, connected by a giant tube of cables. All of this — the heavy physical security, the hurricane-proof building, the duplicate data center — is in place to ensure data isn’t lost under any circumstance. That’s the whole point of data centers.
“For a secure data center, there’s probably a minimum of five physical layers of security,” said Mark McCurley, senior information security adviser at IDentity Theft 911. “A dedicated (server) cage will have security controls on it and intrusion monitoring right up to the server.”
Then there’s the environmental control.
McCurley said the optimal temperature in a server room is 72 degrees Fahrenheit, and the rows of machines are meticulously organized to make sure hot air and cold air moves around properly to prevent overheating.
“The chance of an outage is greatly reduced,” McCurley said. That’s why companies all over the place store important information in data centers. “From a physical perspective, you probably can’t do better.”
Keeping Hackers Out
In a fight between concrete walls and the Internet, the Internet probably wins. A physical breach of a data center is very unlikely, and that’s the point. McCurley said the companies using space in data centers do so because of the physical protection, and it’s up to them to make sure their cybersecurity is up to par.
These days, people are more concerned with defending themselves against the intangible threats, like malware, phishing and all sorts of Internet-based risks. It’s good to know that sensitive credit data is on lockdown, but people want the digital-defense equivalent of reinforced concrete walls.
Experian knows that and works to keep a tight grip on all security matters in its data center.
“Our first priority, regardless of the source, is to always protect our clients and consumers from identity theft,” Susan Henson, senior director of Experian public relations, wrote in an email. She said Experian uses “sophisticated technology” to constantly monitor for suspicious activity and compromised credentials. Anomalies are flagged immediately, Henson wrote, notifying clients, consumers and law enforcement when appropriate.
You can’t check up on the servers storing your data, but consumers still have a great responsibility in protecting their valuable information. Any form or service requesting your Social Security number or bank information must be regarded with extreme caution, and you should regularly check your credit reports, credit scores and bank statements for signs of unauthorized activity. It’s easy to work these habits into your routine, given all the free tools out there for helping you stay on top of your credit, like a Credit.com account. You may not be able to protect your finances with a fingerprint scan, but you should treat information security that seriously.
More from Credit.com