Experian Probed for Security Breach, Massachusetts SaysErik Larson
A security breach involving a unit of credit-reporting company Experian Plc that allowed criminals access to Social Security numbers and other personal data of more than 200 million people is being investigated by Massachusetts, state Attorney General Martha Coakley said.
The probe will look into data broker U.S. InfoSearch, Coakley said in a statement today. Experian owns Court Ventures, which had a data-sharing agreement with U.S. InfoSearch, where the security breach occurred. Illinois and Connecticut are also looking into the matter.
“We are especially concerned about allegations that the companies may have known of this incident for over a year, while not reporting it so consumers could protect themselves,” Coakley said in the statement.
The probe follows the March 3 guilty plea in New Hampshire federal court by Hieu Ngo of Vietnam, who was charged with operating a website that offered clients access to personal information that could be used to commit identity theft or financial fraud, according to Coakley’s statement.
Target Corp., a victim of a security breach last year, had selected Experian, the Dublin-based credit-reporting service, to provide free monitoring to people whose information may have been stolen.
Experian said its Court Ventures unit was the conduit for Ngo to obtain information from U.S. InfoSearch. He later sold the data online. Both companies say Ngo posed as a legitimate businessman to obtain the information.
“While this is an unfortunate and isolated issue, Experian has devoted its full attention to the matter and continues to fully cooperate with investigators to uncover the facts,” Michael Troncale, a company spokesman, said in an e-mailed statement.
Ngo admitted that from 2007 to February 2013 he sold “fullz,” a slang term for personal information packages including names, addresses, birth dates, Social Security and driver’s license numbers, mothers’ maiden names, bank account and routing numbers, e-mail addresses and passwords, knowing it would be used for illegal purposes, according to a federal court filing in New Hampshire.
Ngo was arrested in February 2013, according to the U.S. Justice Department. He’s scheduled to be sentenced on June 16.