Fraudster bought names and address from Experian, says Krebs
Data broker duped
Brian Krebs alleges a subsidiary of data aggregator Experian was duped into selling personal information about millions of Americans by a scammer.
Detailing his investigations here, Krebs accuses a Vietnamese national indicted in New Hampshire, Hieu Minh Ngo, of using the handle “hieupc” to operate Superget.info, which marketed itself as allowing lookups of individuals' social security numbers, drivers' license records, and financial information.
The link to Experian, Krebs reports, came via its acquisition of a company called Court Ventures. He writes that Superget.info gained access to Court Ventures' databases by posing as a private investigator. He claims that a third party, Marc Martin, CEO of Info Search (which had a data sharing arrangement with Court Ventures), says payments for access to the datasets came as transfers from Singapore.
Experian told Krebs it has worked with authorities on the arrest of Ngo, via this statement: “Experian acquired Court Ventures in March, 2012 because of its national public records database. After the acquisition, the US Secret Service notified Experian that Court Ventures had been and was continuing to resell data from US Info Search to a third party possibly engaged in illegal activity. Following notice by the US Secret Service, Experian discontinued reselling US Info Search data and worked closely and in full cooperation with law enforcement to bring Vietnamese national Hieu Minh Ngo, the alleged perpetrator, to justice. Experian’s credit files were not accessed. Because of the ongoing federal investigation, we are not free to say anything further at this time.”
Krebs says Ngo operated a second similar site called findget.me, and along with Superget.info, he held and offered access to data on “more than half a million people”.
Meanwhile, data aggregators – in particular, their control over who they sell data to – is bound to come under the spotlight even more than it already has, with hints that the Federal Trade Commission is becoming more active in the field. ®
Sponsored: Data Loss Prevention & Data Theft Prevention