|
 Separately U.S. Senator Claire McCaskill, a Democrat from Missouri,
chided the company, saying she was concerned it had changed its
explanation of how it was responding to the breach.
McCaskill told Reuters she was troubled to learn Experian has
recently said it would not be able to notify people whose Social
Security numbers were compromised in the scheme.
"It's troubling that Experian would wait three months after
testifying, only to change their story, all while victims who had
their identities stolen remain at risk as a result of this crime,"
McCaskill told Reuters via email.
A Vietnamese man last month confessed in federal court in New
Hampshire to orchestrating the breach. He is due to be sentenced in
June.
The man, Hieu Minh Ngo, admitted to using a false identity to open
an account with a firm known as Court Ventures sometime before March
2012, when Experian bought the company. He used that account to
conduct more than 3 million queries of a Social Security number
database that Court Ventures made available to clients through an
agreement with another company, U.S. Info Search, according to court
documents.
An official in Iowa told Reuters on Tuesday that his state has
joined a multistate probe of the case, which includes at least
Illinois and Connecticut. He said the states will examine whether
companies took adequate steps to protect private financial data,
whether they notified victims in a timely manner and what they are
doing to help consumers prevent harm to their financial well-being.
"Consumer protection laws generally provide the basis for our
investigations," said Bill Brauch, director of the consumer
protection division of the Iowa attorney general's office.
Brauch's comments are the first to indicate the direction of the
multistate probe as officials with Connecticut and Illinois have so
far declined to discuss such details. It is not known which other
states, if any, are formally investigating the breach beyond
Connecticut, Illinois and Iowa.
A spokeswoman for North Carolina's Attorney General, Roy Cooper,
said on Tuesday that he was "concerned about the matter" and
gathering more information, though his office had not begun a formal
probe.
Experian spokeswoman Susan Henson said her company was cooperating
with authorities, but that notification was up to U.S. Info Search
because it owned the database that Ngo had queried through Court
Ventures.
[to top of second column] |
"U.S. Info Search is the company that owns the database, and only it
has the ability to know what data was returned in response to Ngo's
inquiries," she said. "Experian has attempted to engage U.S. Info
Search to assist in identifying affected consumers."
U.S. Info Search Chief Executive Marc Martin told Reuters that it
was up to Experian to notify consumers.
"The suspect didn't have access to our system and it was Experian
that sold the data and collected the funds," Martin said.
Meanwhile, McCaskill voiced her concerns regarding the breach and
the company's change in possibly handling the issue.
Experian Senior Vice President Tony Hadley had told McCaskill at a
hearing of the Senate Commerce Committee in December that "We know
who they are and are going to make sure we are going to protect
them."
Last week, Experian spokesman Gerry Tschopp told Reuters that Hadley
"was addressing our general policy," and not the specific case
involving Ngo.
McCaskill told Reuters that the case underscored the need to pass a
federal law mandating standard procedures for notifying victims of
data breaches across all 50 states.
Henson said that Experian supports passage of such a law.
(Reporting by Jim Finkle; editing by Bernard Orr)
[© 2014 Thomson Reuters. All rights
reserved.] Copyright 2014 Reuters. All rights reserved. This material may not be published,
broadcast, rewritten or redistributed.
 |
