Feeds

Fraudster bought names and address from Experian, says Krebs

Data broker duped

  • alert
  • submit to reddit

Remote control for virtualized desktops

Brian Krebs alleges a subsidiary of data aggregator Experian was duped into selling personal information about millions of Americans by a scammer.

Detailing his investigations here, Krebs accuses a Vietnamese national indicted in New Hampshire, Hieu Minh Ngo, of using the handle “hieupc” to operate Superget.info, which marketed itself as allowing lookups of individuals' social security numbers, drivers' license records, and financial information.

The link to Experian, Krebs reports, came via its acquisition of a company called Court Ventures. He writes that Superget.info gained access to Court Ventures' databases by posing as a private investigator. He claims that a third party, Marc Martin, CEO of Info Search (which had a data sharing arrangement with Court Ventures), says payments for access to the datasets came as transfers from Singapore.

Experian told Krebs it has worked with authorities on the arrest of Ngo, via this statement: “Experian acquired Court Ventures in March, 2012 because of its national public records database. After the acquisition, the US Secret Service notified Experian that Court Ventures had been and was continuing to resell data from US Info Search to a third party possibly engaged in illegal activity. Following notice by the US Secret Service, Experian discontinued reselling US Info Search data and worked closely and in full cooperation with law enforcement to bring Vietnamese national Hieu Minh Ngo, the alleged perpetrator, to justice. Experian’s credit files were not accessed. Because of the ongoing federal investigation, we are not free to say anything further at this time.”

Krebs says Ngo operated a second similar site called findget.me, and along with Superget.info, he held and offered access to data on “more than half a million people”.

Meanwhile, data aggregators – in particular, their control over who they sell data to – is bound to come under the spotlight even more than it already has, with hints that the Federal Trade Commission is becoming more active in the field. ®

Remote control for virtualized desktops

More from The Register

next story
'Regin': The 'New Stuxnet' spook-grade SOFTWARE WEAPON described
'A degree of technical competence rarely seen'
You really need to do some tech support for Aunty Agnes
Free anti-virus software, expires, stops updating and p0wns the world
You stupid BRICK! PCs running Avast AV can't handle Windows fixes
Fix issued, fingers pointed, forums in flames
Regin: The super-spyware the security industry has been silent about
NSA fingered as likely source of complex malware family
Privacy bods offer GOV SPY VICTIMS a FREE SPYWARE SNIFFER
Looks for gov malware that evades most antivirus
Patch NOW! Microsoft slings emergency bug fix at Windows admins
Vulnerability promotes lusers to domain overlords ... oops
HACKERS can DELETE SURVEILLANCE DVRS remotely – report
Hikvision devices wide open to hacking, claim securobods
prev story

Whitepapers

Why cloud backup?
Combining the latest advancements in disk-based backup with secure, integrated, cloud technologies offer organizations fast and assured recovery of their critical enterprise data.
Getting started with customer-focused identity management
Learn why identity is a fundamental requirement to digital growth, and how without it there is no way to identify and engage customers in a meaningful way.
10 threats to successful enterprise endpoint backup
10 threats to a successful backup including issues with BYOD, slow backups and ineffective security.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Beginner's guide to SSL certificates
De-mystify the technology involved and give you the information you need to make the best decision when considering your online security options.