Experian could be investigated by the US regulator, the FTC, after becoming the latest credit check agency to fall victim to a cyber attack.
Over the last six years, hackers have repeatedly targeted credit check firms and, in 86 successful attacks, have obtained over 17,000 credit reports by finding weak security within connected institutions, from financial bodies to a police department, according to public records requests from a privacy advocate known as Dissent Doe.
Dublin-based Experian is one of the latest, and Dissent Doe has asked the Federal Trade Commission (FTC) to look into it.
The news agency claimed Experian had its database breached 80 times in this single breach, with almost 15,500 credit reports pilfered.
Dissent Doe has now filed a complaint with the Federal Trade Commission, asking it to investigate Experian’s security practices. The FTC has not yet commented on the case.
Yet whilst malware may have been resident on the bank’s machines, Experian infrastructure itself was never infected, TechWeekEurope understands. This publication also understands Experian was the first to notice the attempt on the US bank, notifying it and advising it to take action.
“We continue to invest in the security systems we have in place to protect our clients and consumers,” said a spokesman for Experian.
“Of course, the first line of defence lies with end users who are obligated to manage and protect their credentials, which in all these instances were compromised through malware that infected their hardware and other illegal means.”
A spokesperson told TechWeekEurope: “In the case relating to Abilene Telco, our security system quickly alerted them and subsequently the 702 consumers to the suspicious activity and ensured that the unauthorised access was disabled.
“As our action shows, our first priority – regardless of the source – is to always protect our clients and consumers from identity theft and our policy is to proactively notify consumers who may have been the victims of criminals trying to illegally obtain consumer information.”
Experian may not be able to palm off all responsibility, however. “I would argue that given the nature and sensitivity of the information being held by the credit reporting agencies, and the potential harm it could have on the affected individuals, these credit bureaus should not rely solely on their customers’ security to protect that data,” said Brian Honan, security consultant and head of Ireland’s Computer Security Incident Response Team.
“Being an Irish-headquartered company, Experian would come under the Irish Data Protection Act and is responsible for ensuring that adequate steps are taken to secure the personal data it holds. If those measures are not deemed to be good enough, Experian could come under investigation by the Irish DPC.”
Earlier this month, Experian warned of the rise in illegal data trade. Its research found almost 20 million pieces of personal data were illegally traded in the first six months of 2012.