“It seems to be standard practice nowadays to offer some sort of Experian-type service after a data breach. Perhaps doing so frees the breached company from any sort of legal liability. (What happens when Experian is hacked?)”
The idea was simple - if you had the victim’s name, address, birthday and Social Security number (all of which might be obtained from a previous incident), you could go to one of the websites offering free credit reports, and submit the data to request one. At that point, the website would redirect you to the Experian website where you’d be required to submit more personally identifiable information, such as questions about previous addresses of living and such.If a thief already had an individual's personal data why would they want to hack Experian to obtain a credit report? To see if they hadn't been caught yet? To validate the data you are about to sell or purchase on the dark web? I don't know about that.