BOSTON (4/24/14)--Yet another state has launched a probe into a data breach involving the credit-reporting company Experian Plc, an incident that led to the exposure of about 200 million Social Security numbers.
Massachusetts Attorney General Martha Coakley announced this week that her office has opened an investigation into U.S. Info Search, the data broker whose data-sharing agreement with a company Experian purchased in 2012 was compromised, leading to the fraudulent acts (Boston Business Journal April 22).
Illinois and Connecticut, who also have spearheaded a multistate investigation into the Target data breach where more than 40 million payment card numbers and 70 million other pieces of information were stolen, as well as Iowa and North Carolina are reportedly looking into the breach.
Credit unions have paid more than $30 million in costs related to the Target breach, according to the Credit Union National Association. Leaders continue to push lawmakers in Washington D.C. to address the disparity in data-security requirements between financial institutions and the under-regulated merchants.
While the details of who may have been at fault for the Experian data breach are still uncertain, authorities have charged the individual who distributed the sensitive information.
Last month a Vietnamese man pled guilty to federal charges in New Hampshire of operating a website that allegedly illegally offered clients access to personal information such as Social Security numbers.
Hieu Ngo, the man charged with orchestrating the operation, allegedly sold access to the information, which was to be used to commit identity theft or financial fraud, according to Boston Business Journal.
Allegedly, Ngo was able to access the information because of a "reciprocal data-sharing agreement" between Court Ventures--a U.S.-based company with which he had an account--and U.S. Info Search, both of which are now under investigation by the Massachusetts Attorney General.
That data agreement somehow allowed Ngo access to a database full of hundreds of millions of pieces of personal information.
More than 3 million queries by at least 1,300 people allegedly were made to the database using Ngo's account during an 18-month period of time.
Experian has been pulled into this case because in March 2012 it bought Court Ventures, which allowed Ngo and his account to access the personal information for at least 10 months after the purchase.
The leading credit score reporting company says its credit card databases were not infiltrated, however.
"While this is an unfortunate and isolated issue, Experian has devoted its full attention to the matter and continues to fully cooperate with investigators to uncover the facts," Michael Troncale, spokesperson for Experian, said in a statement emailed to Bloomberg.com (April 22).