Experian could be investigated by the US regulator, the FTC, after becoming the latest credit check agency to fall victim to a cyber attack.
Over the last six years, hackers have repeatedly targeted credit check firms and, in 86 successful attacks, have obtained over 17,000 credit reports by finding weak security within connected institutions, from financial bodies to a police department, according to public records requests from a privacy advocate known as Dissent Doe.
Dublin-based Experian is one of the latest, and Dissent Doe has asked the Federal Trade Commission (FTC) to look into it.
The news agency claimed Experian had its database breached 80 times in this single breach, with almost 15,500 credit reports pilfered.
Dissent Doe has now filed a complaint with the Federal Trade Commission, asking it to investigate Experian’s security practices. The FTC has not yet commented on the case.
Yet whilst malware may have been resident on the bank’s machines, Experian infrastructure itself was never infected, TechWeekEurope understands. This publication also understands Experian was the first to notice the attempt on the US bank, notifying it and advising it to take action.
“We continue to invest in the security systems we have in place to protect our clients and consumers,” said a spokesman for Experian.
“Of course, the first line of defence lies with end users who are obligated to manage and protect their credentials, which in all these instances were compromised through malware that infected their hardware and other illegal means.”
A spokesperson told TechWeekEurope: “In the case relating to Abilene Telco, our security system quickly alerted them and subsequently the 702 consumers to the suspicious activity and ensured that the unauthorised access was disabled.
“As our action shows, our first priority – regardless of the source – is to always protect our clients and consumers from identity theft and our policy is to proactively notify consumers who may have been the victims of criminals trying to illegally obtain consumer information.”
Experian may not be able to palm off all responsibility, however. “I would argue that given the nature and sensitivity of the information being held by the credit reporting agencies, and the potential harm it could have on the affected individuals, these credit bureaus should not rely solely on their customers’ security to protect that data,” said Brian Honan, security consultant and head of Ireland’s Computer Security Incident Response Team.
“Being an Irish-headquartered company, Experian would come under the Irish Data Protection Act and is responsible for ensuring that adequate steps are taken to secure the personal data it holds. If those measures are not deemed to be good enough, Experian could come under investigation by the Irish DPC.”
Earlier this month, Experian warned of the rise in illegal data trade. Its research found almost 20 million pieces of personal data were illegally traded in the first six months of 2012.