Connecticut, Illinois to investigate massive breach at Experian co.

Share this article:
Sally Beauty confirms that customer data was accessed in breach
The breach struck Experian subsidiary, Court Ventures.

According to reports, a multistate investigation has been launched, after an Experian subsidiary, Court Ventures, was struck by a breach impacting more than 200 million Americans.

On Thursday, Reuters reported that attorneys general in Connecticut, Illinois, and potentially other states, planned to look into a major identity theft case where sensitive information, including Social Security numbers, addresses, dates of birth, phone numbers and email addresses of consumers, was exposed to criminals.

In October, security journalist Brian Krebs detailed how Experian indirectly sold consumer data to an ID theft service run by a Vietnamese national Hieu Minh Ngo. Court documents revealed that Ngo, posing as a private investigator, paid Court Ventures so he could access sensitive database information available to the firm.

Last month, Ngo pleaded guilty in a federal New Hampshire court to devising the scheme.

According to the Thursday Reuters report, state investigations will likely center on whether credit bureau Experian and other involved companies followed proper data security and breach disclosure laws.

On Friday, Jaclyn Falkowski, a spokeswoman for the Connecticut Attorney General's office, confirmed with SCMagazine.com via phone that “Connecticut will be inquiring on the breach,” but that the office had “no further comment,” on the matter.

That day, Maura Possley, a spokeswoman for the Illinois Attorney General's office, told SCMagazine.com that its probe was “part of a multistate investigation.”

“We are investigating based on reports of a data breach involving Experian,” Possley said.

Share this article:

Sign up to our newsletters

More in News

AOL announces that it does not follow 'Do Not Track' requests

Eight months after the enactment of a new California privacy law, AOL clarified that it does not respond to web browsers' "Do Not Track" requests.

Experts discover history of malware infections on network of Community Health Systems

Following a major breach at the hospital provider, security experts analyzed its network and discovered malware infections dating back to January.

With Black Hat and DefCon comes spike in Vegas-based attacks

A recent study found that the number of attacks during the two conferences increased to about 130 times the usual amount.