Experian Probed for Security Breach, Massachusetts Says

A security breach involving a unit of credit-reporting company Experian Plc (EXPN) that allowed criminals access to Social Security numbers and other personal data of more than 200 million people is being investigated by Massachusetts, state Attorney General Martha Coakley said.

The probe will look into data broker U.S. InfoSearch, Coakley said in a statement today. Experian owns Court Ventures, which had a data-sharing agreement with U.S. InfoSearch, where the security breach occurred. Illinois and Connecticut are also looking into the matter.

“We are especially concerned about allegations that the companies may have known of this incident for over a year, while not reporting it so consumers could protect themselves,” Coakley said in the statement.

The probe follows the March 3 guilty plea in New Hampshire federal court by Hieu Ngo of Vietnam, who was charged with operating a website that offered clients access to personal information that could be used to commit identity theft or financial fraud, according to Coakley’s statement.

Target Corp., a victim of a security breach last year, had selected Experian, the Dublin-based credit-reporting service, to provide free monitoring to people whose information may have been stolen.

Experian said its Court Ventures unit was the conduit for Ngo to obtain information from U.S. InfoSearch. He later sold the data online. Both companies say Ngo posed as a legitimate businessman to obtain the information.

‘Isolated Issue’

“While this is an unfortunate and isolated issue, Experian has devoted its full attention to the matter and continues to fully cooperate with investigators to uncover the facts,” Michael Troncale, a company spokesman, said in an e-mailed statement.

Ngo admitted that from 2007 to February 2013 he sold “fullz,” a slang term for personal information packages including names, addresses, birth dates, Social Security and driver’s license numbers, mothers’ maiden names, bank account and routing numbers, e-mail addresses and passwords, knowing it would be used for illegal purposes, according to a federal court filing in New Hampshire.

Ngo was arrested in February 2013, according to the U.S. Justice Department. He’s scheduled to be sentenced on June 16.

To contact the reporter on this story: Erik Larson in New York at elarson4@bloomberg.net

To contact the editors responsible for this story: Andrew Dunn at adunn8@bloomberg.net Joe Schneider

Press spacebar to pause and continue. Press esc to stop.

Bloomberg reserves the right to remove comments but is under no obligation to do so, or to explain individual moderation decisions.

Please enable JavaScript to view the comments powered by Disqus.