• News
  • Finance

Experian probed for security breach

A security breach involving a unit of credit-reporting company Experian Plc that allowed criminals access to Social Security numbers and other personal data of more than 200 million people is being investigated, said Massachusetts Attorney General Martha Coakley.

The probe will look into data broker U.S. InfoSearch, Coakley said in a statement Tuesday. Experian owns Court Ventures, which had a data-sharing agreement with U.S. InfoSearch, where the security breach occurred. Illinois and Connecticut are also looking into the matter. “We are especially concerned about allegations that the companies may have known of this incident for over a year, while not reporting it so consumers could protect themselves,” Coakley said in the statement.

The probe follows the March 3 guilty plea in New Hampshire federal court by Hieu Ngo of Vietnam, who was charged with operating a website that offered clients access to personal information that could be used to commit identity theft or financial fraud, according to Coakley’s statement.

Target Corp. (NYSE: TGT), a victim of a security breach last year, had selected Experian, the Dublin-based credit-reporting service, to provide free monitoring to people whose information may have been stolen. Experian said its Court Ventures unit was the conduit for Ngo to obtain information from U.S. InfoSearch. He later sold the data online. Both companies say Ngo posed as a legitimate businessman to obtain the information.

‘Isolated issue’

“While this is an unfortunate and isolated issue, Experian has devoted its full attention to the matter and continues to fully cooperate with investigators to uncover the facts,” Michael Troncale, a company spokesman, said in an e-mailed statement.

Ngo admitted that from 2007 to February 2013 he sold “fullz,” a slang term for personal information packages including names, addresses, birth dates, Social Security and driver’s license numbers, mothers’ maiden names, bank account and routing numbers, email addresses and passwords, knowing it would be used for illegal purposes, according to a federal court filing in New Hampshire.

Ngo was arrested in February 2013, according to the U.S. Justice Department. He’s scheduled to be sentenced on June 16.

User Response
0 UserComments