US States Probing Security Breach at Experian

A number of U.S. states are jointly investigating a data breach involving a subsidiary of Experian Plc that exposed the social security numbers of 200 million people.

"We are investigating," Maura Possley, a spokeswoman for Illinois Attorney General Lisa Madigan, told Reuters on Thursday. "It's part of a multistate investigation."

Jaclyn Falkowski, spokeswoman for Connecticut Attorney General George Jepsen, said Connecticut is also looking into the matter.

A spokesman for Experian declined comment on the probe, saying the company does not comment on such investigations as a matter of policy, Reuters said.

Vietnamese national Hieu Minh Ngo last month pleaded guilty in New Hampshire federal court to running an underground website that offered clients access to personal data of Americans including social security numbers, which could be used for identity theft and other types of financial fraud.

Federal authorities say he obtained social security numbers through a U.S. firm known as Court Ventures, which provides customers with access to court records. It also offered them access to a database of social security numbers of some 200 million Americans through a data-share arrangement with another firm, known as U.S. Info Search, Reuters said.

Prosecutors say Ngo's customers used Court Ventures to make some 3.1 million queries of the U.S. Info Search database over an 18-month period. Experian spokesman Gerry Tschopp told Reuters access to the data ended on December 4, 2012, when his company turned off the Court Ventures portal that Ngo used to access the database.

Authorities have not said how many people's data was accessed through those queries, each of which could have potentially included multiple records or returned no data. They have not identified any specific cases in which stealing of data through Court Ventures has led to identity theft or other crimes.

Officials with both Experian and U.S. Info Search say they have not been able to ascertain which records were accessed by Ngo's customers and are therefore unable to notify victims, Reuters said.

U.S. Info Search Chief Executive Officer Marc Martin told Reuters he cannot identify the victims of the breach because he is unable to ascertain which queries that came from Court Ventures were from Ngo's account and which were from other clients.

ON DEMAND: In this webinar, Regina Lester, Vice President of Security & Safety Operations at Toledo Zoo, will share her insights on implementing security technologies in the entertainment sector and the challenges all organizations face — large and small — when it comes to balancing budget and security.