Experian could be investigated by the US regulator, the FTC, after becoming the latest credit check agency to fall victim to a cyber attack.
Over the last six years, hackers have repeatedly targeted credit check firms, and in 86 successful attacks have managed to obtain over 17,000 credit reports by finding weak security at connected institutions, ranging from financial bodies to a police department, according to public records requests from a privacy advocate known as Dissent Doe.
Dublin-based Experian is one of the latest, and Dissent Doe has asked the Federal Trade Commission (FTC) to look into it.
The news agency claimed Experian had its database breached 80 times in this single breach, with almost 15,500 credit reports pilfered.
Dissent Doe has now filed a complaint with the Federal Trade Commission, asking it to investigate Experian’s security practices. The FTC has not yet commented on the case.
Yet whilst malware may have been resident on the bank’s machines, Experian infrastructure itself was never infected, TechWeekEurope understands. This publication also understands Experian was the first to notice the attempt on the US bank, notifying it and advising it to take action.
“We continue to invest in the security systems we have in place to protect our clients and consumers,” said a spokesman for Experian.
“Of course, the first line of defence lies with end users who are obligated to manage and protect their credentials, which in all these instances were compromised through malware that infected their hardware and other illegal means.”
A spokesperson told TechWeekEurope: “In the case relating to Abilene Telco, our security system quickly alerted them and subsequently the 702 consumers to the suspicious activity and ensured that the unauthorised access was disabled.
“As our action shows, our first priority – regardless of the source – is to always protect our clients and consumers from identity theft and our policy is to proactively notify consumers who may have been the victims of criminals trying to illegally obtain consumer information.”
Experian may not be able to palm off all responsibility, however. “I would argue that given the nature and sensitivity of the information being held by the credit reporting agencies, and the potential harm it could have on the affected individuals, these credit bureaus should not rely solely on their customers’ security to protect that data,” said Brian Honan, security consultant and head of Ireland’s Computer Security Incident Response Team.
“Being an Irish headquartered company, Experian would come under the Irish Data Protection Act and is responsible for ensuring that adequate steps are taken to secure the personal data it holds. If those measures are not deemed to be good enough, Experian could come under investigation by the Irish DPC.”
Earlier this month, Experian warned of the rise in illegal data trade. Its research found almost 20 million pieces of personal data were illegally traded in the first six months of 2012.