BreachExchange mailing list archives
Your personal information just isn't safe
From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Fri, 25 Jul 2014 17:47:10 -0600
http://money.cnn.com/2014/07/25/technology/security/target-experian/index.html When Target lost data on some 110 million customers, it recommended them to credit bureau Experian for "identity theft protection," offering to cover the cost for a year. Think you're in better hands? Think again. Sometime before the Target (TGT) hack, Experian had its own data leak -- via a subsidiary. That data leak got plugged before Target sent victims to Experian. But it shows that even those entrusted with our most sensitive data don't know how to protect it. Experian unknowingly sold the personal data of millions of Americans -- including Social Security numbers -- to a fraudster in Vietnam. That guy then sold the personal information to identity thieves around the globe. It wasn't until U.S. Secret Service agents alerted Experian that the company stopped. Hieu Minh Ngo, now 25, was caught and admitted to posing as a private investigator in Singapore to get exclusive access to data via Court Ventures, an Experian subsidiary. Ngo then sold access to fellow criminals. Federal investigators say that let criminals reach databases with 200 million Americans' personal data, including: names addresses Social Security numbers birthdays work history driver's license numbers email addresses banking information Criminals tapped that database 3.1 million times, investigators said. Surprised you haven't heard this? It's because Experian is staying quiet about it. Target CEO: Customers are safe It's been more than a year since Experian was notified of the leak. Yet the company still won't say how many Americans were affected. CNNMoney asked Experian to detail the scope of the breach. The company refused. "As we've said consistently, it is an unfortunate and isolated issue," Experian spokesman Gerry Tschopp said. Target and Experian insist that the credit monitoring service is unrelated to the incident involving Experian's data-selling business. But even Experian's credit monitoring service, which collects data on customers, isn't immune. According Barry Kouns, a security professional who maintains a Cyber Risk Analytic database of major data breaches, said Experian's databases have been involved in 97 breaches of personal information. "Based on our research, it appears that data brokers place a high value on collecting and using our information but not so much on protecting it," Kouns said.
_______________________________________________ Dataloss Mailing List (dataloss () datalossdb org) Archived at http://seclists.org/dataloss/ Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss For inquiries regarding use or licensing of data, e-mail sales () riskbasedsecurity com Supporters: Risk Based Security (http://www.riskbasedsecurity.com/) YourCISO is an affordable SaaS solution that provides a comprehensive information security program that ensures focus on the right security. If you need security help or want to provide real risk reduction for your clients contact us!
Current thread:
- Your personal information just isn't safe Audrey McNeil (Jul 29)