Illinois, Connecticut Probe Data Grab Via Experian UnitAndrew Harris
An Experian Plc unit is the target of investigations by Illinois and Connecticut attorneys general in the illegal trafficking of social security numbers and other individual identifying data by a Vietnamese man who pleaded guilty to federal fraud charges in March.
Experian, the credit-reporting service selected by Target Corp. in January to provide free monitoring to people whose information may have been stolen in that retailer’s data breach, said its Court Ventures unit was the conduit for Hieu Minh Ngo to obtain information from an unrelated business, U.S. InfoSearch. He later sold the data online. Both companies say Ngo posed as a legitimate businessman to obtain the information.
Illinois Attorney General Lisa Madigan’s spokeswoman, Maura Possley, said that office is looking into the situation and declined to comment on details of the investigation. Jaclyn Falkowski, a spokeswoman for Connecticut Attorney General George Jepsen, said the office is investigating and that she couldn’t comment further.
Ngo was accused of offering for sale and selling personal identifying information on more than 500,000 people in a November 2012 federal indictment.
He pleaded guilty to three fraud counts on March 3. Ngo admitted that from 2007 to February 2013 he sold “fullz,” a slang term for the sale of personal information packages including names, addresses, birth dates, social security and driver’s license numbers, mothers’ maiden names, bank account and routing numbers, e-mail addresses and passwords, knowing it would be used for illegal purposes, according to a federal court filing in New Hampshire.
Ngo was arrested in February 2013, according to the U.S. Justice Department. He is scheduled to be sentenced on June 16.
Gerry Tschopp, a spokesman for Experian, which bought Court Ventures in March 2012, declined to comment on the investigations by Madigan and Jepsen. The London-based company on its website disputed published reports that the breach put the records of as many as 200 million people at risk and said no Experian data was compromised.
“The database that was accessed in this criminal scheme was owned and controlled by US InfoSearch, a company that is completely separate from Experian,” the company said.
Marc Martin, chief executive officer of Columbus, Ohio-based U.S. InfoSearch, disputed Experian’s account in a telephone interview today.
“It was never our data breach,” he said.
The company was one of several that made information available to Court Ventures for resale to businesses engaged in fraud prevention, he said.
“We never received a penny he sent,” Martin said of Ngo’s purchases through Court Ventures, saying it was up to Court Ventures and later Experian to ensure the security of the data.
Experian and US InfoSearch say they learned of the wrongdoing when the U.S. Secret Service told them it was investigating Court Ventures’ sale of information to somebody posing as a legitimate businessman while possibly engaged in illegal activity.
Martin, in an e-mailed statement, said his company learned of that probe in December 2012.
“We have cooperated and assisted the authorities in their investigation and from the onset have urged Experian to make timely notifications,” he said.
The criminal case is U.S. v. Ngo, 12-cr-00144, U.S. District Court, District of New Hampshire (Concord).