Experian subsidiary sold personal details to fraudster in six-year scam

By Graeme Burton
31 Mar 2014 View Comments
Cyber thief

A US subsidiary of credit reference agency Experian released the personal details of more than 500,000 people to a fraudster posing as a private investigator.

The records, which included dates and places of birth, addresses, social security details, phone numbers and email addresses, were subsequently sold on to identity fraudsters for at least $2.3m between 2007 and 2013.

Further reading

Vietnamese national Hieu Minh Ngo had convinced Court Ventures, an Experian subsidiary, to release the sensitive data after posing as a Singaporean private investigator.

The case highlights how "social engineering" can be used to undermine organisations' information security - people invariably being the weakest link. 

Ngo paid for the data from the company, which Experian acquired outright in 2012, by wiring monthly payments from Singapore to Court Ventures in exchange for the information. The arrangement continued after Experian acquired the company and was only investigated after US intelligence agencies warned the company.

The purchasers of the information used it to file fraudulent tax returns, acquire bank loans and run up bills in the names of the victims - ruining their credit standing with organisations like Experian.

Experian, which has recently won a contract with the UK's Identity Assurance programme, said that the fraud was a one-off and did not affect its UK records.

Reader comments
blog comments powered by Disqus
Windows 10 - will you upgrade?

Microsoft has made an early version of Windows 10 - its next operating system - available for download. The OS promises better integration and harmonisation across platforms, including mobile and desktop. Will your business be upgrading?

35 %
31 %
14 %
20 %