CTO Oversees Identity Theft Protection
By Roy Urrico
Finopotamus presents InfoSec People Profiles, a series spotlighting individuals working in information security (infosec), cybersecurity and/or information governance to protect data and transactions at credit unions and other financial institutions.
“When it comes down to it, everyone’s identity is at risk,” said Patrick Glennon, the CTO for IDIQ, a financial intelligence company that helps protect and strengthen people’s long-term financial health, in a discussion with Finopotamus. Glennon emphasized, given the number of data exposures occurring, “It is just a matter of if, or when, an identity thief is going to use it. That is why staying in front of it is so important.”
Some recent reports backup Glennon’s concerns:
The Identity Theft Resource Center (ITRC) tracked 3,205 reported data breaches, exposures, leaks and unspecified events, impacting an estimated 353,027,892 victims in 2023.
Financial services was among the most compromised industries in 2023 at 744 incidents, per the ITRC.
The NCUA specified that in November 2023 some 60 U.S. credit unions reportedly experienced outages due to ransomware attack on a cloud IT provider.
Glennon oversees how Temecula, Calif.-based IDIQ, which partners at the enterprise level with credit unions and other organizations, monitors dark websites and credit usage when personal data becomes exposed or exfiltrated. This collaborative effort aims to proactively reduce fraud risk, mitigate the effects of cyberattacks, and assist with next steps to minimize potential risks for organizations and account holders.
Taking on an InfoSec Role
Glennon originally hailed from Northern California, but now resides in Texas. “I have more than two decades of experience in banking and consumer identity protection with roles at companies such as JPMorgan Chase, CoreLogic, Arthur Andersen, and Ebates.”
He explained his experience includes “building software and infrastructure teams from the ground up, (and) managing complex datacenter and cloud migrations.” Glennon also related how he has managed transitions from legacy to modern engineering standards, and recruited top-tier talent, while building scalable business models to drive long-term success.
Glennon’s entered the information security environment driven by what he saw as a need. “We probably all know someone who has had their personal information exposed by falling for a phishing email, being part of a data breach, etc. I know people who have, and that is what drew me to the financial and identity protection industries.”
IDIQ’s Cybersecurity Operations
Glennon emphasized technology-driven solutions for identity and financial protection are the foundation of IDIQ. “We offer our flagship IdentityIQ brand that delivers real-time alerts and credit report information to not only protect but also educate consumers and businesses.”
The IDIQ family of brands includes: MyScoreIQ for financial health and protection; Resident-Link technology for on-time rental payment reporting to help build and improve consumer credit scores; Credit & Debt, an education-based membership platform; and IDIQ Pre-Paid Legal Services, a provider of voluntary employee benefits.”
Glennon noted financial institutions do a decent job of catching threats with their fraud departments. IDIQ, he added, is a “little different” because IDIQ also scans the dark web looking for credentials, credit card numbers, driver's license numbers, Social Security numbers — things of that nature. The company also monitors address changes on the United States Postal Service’s National Change of Address list.
Above all, IDIQ keeps a close watch on data breaches because it alerts its member base when incidents occur.
Protecting IDs
In a previous discussion with Finopotamus, Glennon addressed the somewhat contradictory nature of protecting IDs, while also maintaining members’ privacy.
“We try to educate people and let them know it is a choice. It is a tricky one. We can provide information on how we are securing those credentials,” he said. “We would be lying if we said it was not a risk to provide those credentials out there (in cyberspace). That is really the only way we can see if (one’s identity) been exposed.”
Glennon further explained the initial monitoring starts with searches of email address and usually a member’s Social Security number. “We do not always get Social Security numbers. Some people do not want to give it out understandably. But the more information that we have to monitor, the better.”
Top CU Cybersecurity Dangers
When it comes to the primary cybersecurity dangers to credit unions and other financial institutions, Glennon pointed to the data compromises that “have risen to record-breaking heights.”
He warned, “As technology advances, so will threats. We are going to see an increase in the use of AI (artificial intelligence), such as deepfakes, in targeted fraud as well as a rise in social engineering.”
The CTO added, “Both types of fraud include criminals posing as people either familiar to the victim or in a position of authority – even a credit union representative – to gain access to information all with the ultimate goal to take your money.”
Glennon maintained, “That is why staying in front of it is so important. Using an identity theft protection service to monitor your credit report and personal information is essential, so you can receive alerts if someone is trying to open a line of credit or other possible suspicious activity in your name. This allows you to act quickly and stop an identity thief in their tracks.”