Home arrow Privacy Issues arrow In The News arrow Did Experian Have a Massive Data Breach That Went Unreported?
User Login





Lost Password?
No account yet? Register
Guard My Credit Menu
Home
- - - THE ISSUES - - -
Videos
Fraud and Scams
Credit Issues
Identity Theft
Privacy Issues
Our Children
Politics & Politicians
- - ACTION CENTER - -
Guard My Credit Links
Helpful Pamphlets
- - - - - - - - - - - - - - -
About ACCESS
Contact Us
About Our Site
Join the Fight
ACCESS is a non-profit, tax exempt consumer advocacy group.

Donations are tax deductable.
Guard My Credit Hits
12127081 Visitors
Did Experian Have a Massive Data Breach That Went Unreported? PDF Print E-mail

June 28, 2018 - The US 9th Circuit Court of Appeals has revived a copyright lawsuit between Experian and Nationwide Marketing Services (NMS). The suit claims that NMS is in possession of a list of data on more than 200 million Americans that was somehow copied or pilfered from Experian. While it is likely that if the suit ever makes it to the Supreme Court it will be thrown out - because you can't legally copyright facts like names and addresses - it raises a serious question. If Experian is correct, and the database in question was stolen or taken or copied from them, how come nobody is talking about this case in terms of what could be a massive data breach? 

Image Image

According to an article published in Techdirt, Experian never realized that a data breach had occurred until NWS attempted to sell them the database. When Experian did an in-house analysis of the data, the records were somewhere between a 94% and 97% match to Experian's own ConsumerView database. That was much too close a match to be anything other than theft… at least that appears to be Experian's theory, and it does sound reasonable.

Experian is claiming that the database was copyrighted; a claim which was thrown out by a lower court but which the appeals court has now revived. But from the point of view of consumers, the copyright claim is of little interest. But the ramifications of the claim are a different story. In order to make the claim, it would appear that Experian is admitting that the company somehow lost control of its data and that it wound up in the hands of an unauthorized third party; in this case, NMS. By default, that means they had a data breach and the lawsuit demonstrates that they know it.

The California Attorney General's Office data breach reporting requirements state, "California law requires a business or state agency to notify any California resident whose unencrypted personal information, as defined, was acquired, or reasonably believed to have been acquired, by an unauthorized person. (California Civil Code s. 1798.29(a) [agency] and California Civ. Code s. 1798.82(a) [person or business])" Both Experian and the court of appeals seem to think that it's reasonable to assume NMS was the unauthorized recipient of Experian's data. But a quick search of data breaches affecting Californians will show that Experian hasn't made such a report.

California isn't the only state with such requirements. In fact, all 50 US states and all American territories now have data breach notification laws. Shouldn't the Attorneys General in all of these areas be investigating why data breach notifications weren't sent to affected consumers? Experian knows who and where they are since they had the opportunity to analyze the data. Even if the risk of identity theft is deemed to be low, some state laws still require notification. And the fact that roughly 200 million names were on the list means that a majority of Americans were likely included in the breach.

Regardless of copyright issues or how NMS wound up with this list, another troubling question needs to be asked. Why is it legal anywhere in the United States to sell data which may have been acquired through theft or deceit? To be perfectly clear, we don't have any knowledge at all regarding how NMS assembled this list. Their means may have been perfectly legal. But Experian obviously doesn't think so and the 9th Circuit Court of Appeals obviously thinks there is some question about the provenance of the data. Why wasn't NMS enjoined from selling it until the matter is settled? And why isn't Experian the court for an injunction?

Of course the biggest mystery here might be why Experian filed a copyright lawsuit rather than trying to go after NMS for the theft of the list; which could have been a trade secret. We don't have an answer to that. All we do know is Experian is publically admitting that somehow, some way, they believe another company wound up with access to data that belonged to Experian. That my friends is a data breach, but nobody is talking about it. 

byJim Malmberg

Note: When posting a comment, please sign-in first if you want a response. If you are not registered, click here. Registration is easy and free.

 

Follow ACCESS

 

Comments
Search
Only registered users can write comments!

3.25 Copyright (C) 2007 Alain Georgette / Copyright (C) 2006 Frantisek Hliva. All rights reserved."
 
Guard My Credit Polls
#1 - Why did you visit our site today?
 
.•*´¯☼ ♥ ♥ Your Support of These Links Is GREATLY Appreciated ♥ ♥ ☼¯´*•.
Advertisement
 
Go to top of page
Home | Contact Us |About Us | Privacy Policy
eXTReMe Tracker
12/28/2025 01:29:53