BreachExchange mailing list archives

Your personal information just isn't safe


From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Fri, 25 Jul 2014 17:47:10 -0600

http://money.cnn.com/2014/07/25/technology/security/target-experian/index.html

When Target lost data on some 110 million customers, it recommended them to
credit bureau Experian for "identity theft protection," offering to cover
the cost for a year.

Think you're in better hands? Think again.

Sometime before the Target (TGT) hack, Experian had its own data leak --
via a subsidiary. That data leak got plugged before Target sent victims to
Experian. But it shows that even those entrusted with our most sensitive
data don't know how to protect it.

Experian unknowingly sold the personal data of millions of Americans --
including Social Security numbers -- to a fraudster in Vietnam. That guy
then sold the personal information to identity thieves around the globe.

It wasn't until U.S. Secret Service agents alerted Experian that the
company stopped.

Hieu Minh Ngo, now 25, was caught and admitted to posing as a private
investigator in Singapore to get exclusive access to data via Court
Ventures, an Experian subsidiary. Ngo then sold access to fellow criminals.

Federal investigators say that let criminals reach databases with 200
million Americans' personal data, including:

names
addresses
Social Security numbers
birthdays
work history
driver's license numbers
email addresses
banking information

Criminals tapped that database 3.1 million times, investigators said.
Surprised you haven't heard this? It's because Experian is staying quiet
about it.

It's been more than a year since Experian was notified of the leak. Yet the
company still won't say how many Americans were affected.

CNNMoney asked Experian to detail the scope of the breach. The company
refused.

"As we've said consistently, it is an unfortunate and isolated issue,"
Experian spokesman Gerry Tschopp said.

Target and Experian insist that the credit monitoring service is unrelated
to the incident involving Experian's data-selling business.

But even Experian's credit monitoring service, which collects data on
customers, isn't immune.

Barry Kouns, a security professional who maintains a Cyber Risk
Analytic database of major data breaches, said Experian's databases have
been involved in 97 breaches of personal information.

"Based on our research, it appears that data brokers place a high value on
collecting and using our information but not so much on protecting it,"
Kouns said.
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 
