Experian Sold Consumer Data to ID Theft Service – Krebs
Regular readers will recall that back in April 2012, this blogger filed a complaint against Experian with the FTC over their numerous data breaches. Jordan Robertson of Bloomberg News provided media coverage of Experian’s breaches and the complaint in November last year. To date, however, the FTC has not announced any investigation or charges against Experian.
A report by Brian Krebs yesterday will hopefully nudge the FTC into quicker action.
An identity theft service that sold Social Security and drivers license numbers — as well as bank account and credit card data on millions of Americans — purchased much of its data fromExperian, one of the three major credit bureaus, according to a lengthy investigation by KrebsOnSecurity.[…]
Martin said he first learned of the ID theft service after hearing from a U.S. Secret Service agent who called and said the law enforcement agency was investigating Experian and had obtained a grand jury subpoena against the company.
While the private investigator ruse may have gotten the fraudsters past Experian and/or CourtVentures’ screening process, according to Martin there were other signs that should have alerted Experian to potential fraud associated with the account. For example, Martin said the Secret Service told him that the alleged proprietor of Superget.info had paid Experian for his monthly data access charges using wire transfers sent from Singapore.
“The issue in my mind was the fact that this went on for almost a year after Experian did their due diligence and purchased” Court Ventures, Martin said. “Why didn’t they question cash wires coming in every month? Experian portrays themselves as the databreach experts, and they sell identity theft protection services. How this could go on without them detecting it I don’t know. Our agreement with them was that our information was to be used for fraud prevention and ID verification, and was only to be sold to licensed and credentialed U.S. businesses, not to someone overseas.”
You can read more details of his investigation on KrebsOnSecurity.