Cyber Security News

US States Probing Security Breach at Experian

April 5, 2014
/ Print / Reprints /
ShareMore
/ Text Size+

A number of U.S. states are jointly investigating a data breach involving a subsidiary of Experian Plc that exposed the social security numbers of 200 million people.

"We are investigating," Maura Possley, a spokeswoman for Illinois Attorney General Lisa Madigan, told Reuters on Thursday. "It's part of a multistate investigation."

Jaclyn Falkowski, spokeswoman for Connecticut Attorney General George Jepsen, said Connecticut is also looking into the matter.

A spokesman for Experian declined comment on the probe, saying the company does not comment on such investigations as a matter of policy, Reuters said.

Vietnamese national Hieu Minh Ngo last month pleaded guilty in New Hampshire federal court to running an underground website that offered clients access to personal data of Americans including social security numbers, which could be used for identity theft and other types of financial fraud.

Federal authorities say he obtained social security numbers through a U.S. firm known as Court Ventures, which provides customers with access to court records. It also offered them access to a database of social security numbers of some 200 million Americans through a data-share arrangement with another firm, known as U.S. Info Search, Reuters said.

Prosecutors say Ngo's customers used Court Ventures to make some 3.1 million queries of the U.S. Info Search database over an 18-month period. Experian spokesman Gerry Tschopp told Reuters access to the data ended on December 4, 2012, when his company turned off the Court Ventures portal that Ngo used to access the database.

Authorities have not said how many people's data was accessed through those queries, each of which could have potentially included multiple records or returned no data. They have not identified any specific cases in which stealing of data through Court Ventures has led to identity theft or other crimes.

Officials with both Experian and U.S. Info Search say they have not been able to ascertain which records were accessed by Ngo's customers and are therefore unable to notify victims, Reuters said.

U.S. Info Search Chief Executive Officer Marc Martin told Reuters he cannot identify the victims of the breach because he is unable to ascertain which queries that came from Court Ventures were from Ngo's account and which were from other clients.

Did you enjoy this article? Click here to subscribe to Security Magazine. 

You must login or register in order to post a comment.

Multimedia

Videos

Image Galleries

ASIS 2013 Product Preview

ASIS International 59th Annual Seminar and Exhibits, September 24-27 in Chicago, Illinois, will include an exhibit hall packed with innovative security solutions. Here are some of the products that will be shown at ASIS this year.

Podcasts

Virtualization and Data Center Security: What You Need to Know for 2014

Data centers are increasingly becoming the center of the enterprise, and data center and cyber security is following the same path for security departments. According to Justin Flynn, a consultant at the Burwood Group, the virtualization of data centers allows enterprises to scale more easily and faster, with a smaller footprint.

However, hosting enterprise data in the cloud can make intrusion detection more difficult – how can enterprise security leaders team up with other departments to keep aware of cyber risks and traffic, and physical and data compliance during the virtual transition? How can CISOs and CSOs discuss cyber threats with the C-Suite to get the resources they need? And how can the proper infrastructure test and verify possible malicious attacks? 

More Podcasts

Security Magazine

Security December 2014 issue cover

2014 December

This issue of Security Magazine covers our 12th annual Top Guarding Firms list. Check out the best of the best as of December 2014. The 21st century has brought with it new types of security threats. Read how to combat and protect against these threats.

Table Of Contents Subscribe

Security Emergency Preparedness Training

Which security personnel emergency preparedness training is the top priority to you and your enterprise?
View Results Poll Archive

THE SECURITY STORE

comptiahighriseproductphoto
CompTIA Security+ Certification Study Guide
CompTIA's Security+ certification is a globally-recognized, vendor neutral exam that has helped over 60,000 IT professionals reach further and higher in their careers. The current Security+ exam (SY0-201) focuses more on being able to deal with security issues rather than just identifying them.
More Products

Clear Seas Research

Clear Seas ResearchWith access to over one million professionals and more than 60 industry-specific publications,Clear Seas Research offers relevant insights from those who know your industry best. Let us customize a market research solution that exceeds your marketing goals.

STAY CONNECTED

Facebook 40px 2-12-13 Twitter logo 40px 2-12-13  YouTube  LinkedIn logo 40px 2-12-13Google+

Vertical Sector Focus: Critical Infrastructures

criticalhomepagethumbFrom terrorism to vandalism, it’s preparedness, response, training and partnerships. Learn about some of the critical security issues facing this sector.

Visit the Critical Infrastructure page to read more.