A group of state attorneys general in the U.S. is launching an investigation into a recently disclosed data breach of 200 million personal records at a subsidiary of credit monitoring firm Experian.
Connecticut Attorney General George Jepsen plans to investigate the breach, according to a spokeswoman, and a group of attorneys general, including Lisa Madigan of Illinois, will also investigate, according to a news report. The investigations would focus on a breach at Court Ventures, a data broker Experian purchased in 2012.
A database of consumer records that Court Ventures had access to was breached by Hieu Minh Ngo, a Vietnamese man who ran a business based on selling personally identifiable information, according to news reports and court records. It's unclear when Ngo breached the database Court Ventures had access to.
Ngo apparently tricked Court Ventures into giving him access to a personal records database by posing as a private investigator from Singapore, according to reports from Krebs on Security. Much of the information about the Court Ventures breach came out when he pleaded guilty in March in a New Hampshire court to wire fraud, identification fraud and fraud in connection with access devices.
Ngo was arrested in Guam in February 2013, according to court documents. He had been selling personal information, including credit card numbers and Social Security numbers, since 2007, and had about 1,300 customers at the time of his arrest, according to court information. Ngo allowed his customers to make more than 3 million queries of the database compromised through Court Ventures.
An Experian spokesman didn't return a message seeking comment on the investigations.
Grant Gross covers technology and telecom policy in the U.S. government for The IDG News Service. Follow Grant on Twitter at GrantGross. Grant's email address is firstname.lastname@example.org.
Join the CIO New Zealand group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.