Experian Accused Of Selling Private Data To Identity Thief

  • 4toner4
  • ces_web_banner_toner_news_902x1776
  • Print
  • clover-depot-intl-us-ca-email-signature-05-10-2017-902x1772
  • cartridgewebsite-com-big-banner-02-09-07-2016
  • banner-01-26-17b
  • mse-big-banner-new-03-17-2016-416716a-tonernews-web-banner-mse-212
  • 2toner1-2
  • 05 02 2016 429716a-cig-clearchoice-banner-902x177
  • ncc-banner-902-x-177-june-2017

Experian Accused Of Selling Private Data To Identity Thief

 news 2015-07-23 at 11:12:07 am Views: 360
  • #43109

    Experian Accused Of Selling Private Data To Identity Thief
    By Steven Trader

    Law360, New York (July 20, 2015, 7:41 PM ET) — Consumer credit agency Experian Data Corp. was hit Friday with putative class action in California federal court accusing it of selling sensitive personal information to a convicted identity thief, who then resold it online to other known identity thieves, potentially affecting millions of consumers.
    Three plaintiffs from separate states allege in their complaint that, by posing as a private investigator and paying $15,000 a month, identity thief Hieu Minh Ngo had access to personal information including Social Security numbers, addresses, dates of birth and bank account numbers of more than 200 million U.S. citizens through Experian subsidiary Court Ventures Inc. and Ohio-based data broker U.S. Info Search starting in 2010, which he then sold online to potentially 1,300 other identity thieves.

    Though Experian didn’t purchase Court Ventures until March 2012, the complaint alleges that by failing to perform even a basic investigation into Ngo’s business at the time of sale, as well as ignoring several red flags that Court Ventures was unlawfully obtaining personal information, Experian facilitated the illegal operation and continued collecting payments from Ngo until the U.S. Secret Service alerted the company of a data theft investigation against Ngo later that year.

    According to the complaint, the Vietnamese hacker, under the guise of private investigation company “SG Investigators,” began paying Court Ventures for database access in July 2010. Court Ventures aggreged public record court data from more than 1,400 state and county record repositories representing more than 80 percent of the U.S. population, according to the complaint.

    Additionally, Ngo also had access to Ohio-based data broker U.S. Info Search, because of an agreement between it and Court Ventures to share databases.

    Shortly after initiating access, Ngo began selling basic consumer information online through two fraudster websites — generating 3.1 million queries by at least 1,300 “customers” interested in the data, according to the complaint.

    The plaintiffs say that when Experian purchased Court Ventures in early 2012, it discovered that SG Investigators was the largest buyer of consumer data, but failed to investigate the company. Additionally, they say shortly after the sale, Experian discovered that Court Ventures had been illegally obtaining public record information through a practice known as Web scraping. However, the plaintiffs say Experian instead continued to accept payments from SG Investigators for another 10 months.

    Ngo was arrested in February 2013 and sentenced to 13 years in prison for hacking, as were at least two of his customers who bought the plaintiffs’ personal information online.

    The plaintiffs allege that, though Experian has admitted its liability for Court Ventures’ actions, it has not alerted potential fraud victims, despite sworn testimony in December 2013 from Experian Vice President Tony Hadley to Congress that the company knows who the affected consumers are and is making sure they are protected.

    “Experian’s failure and refusal to do so is particularly egregious in light of Experian’s self-touted expertise in data-breach management,” the complaint said. “Indeed, Experian’s data breach response guide emphasizes the importance of implementing an effective notification program. Experian’s failure to take its own advice to rectify a serious situation that it created, is willful, reckless, and designed to forestall the investigation and obstruct justice. Physician, heal thyself.”

    Plaintiffs say the class size could reach into the millions, and are seeking damages for Experian’s alleged violation of the Fair Credit Reporting Act as well as injunctive relief requiring the company to notify each affected citizen.

    Representatives for Experian declined to comment on the pending litigation, and attorney information was not immediately available.

    The plaintiffs are represented by Timothy G. Blood and Paula M. Roach of Blood Hurst & O’Reardon LLP, Erich P. Schork and Ben Barnow of Barnow and Associates PC and Richard Coffman of the Coffman Law Firm.

    The case is Patton et al. v. Experian Data Corp., case number 8:15-cv-01142, in the U.S. District Court for the Central District of California.
    –Editing by Mark Lebetkin.