Experian has been hit by legal action for allegedly selling highly sensitive personal data to a convicted identity thief, in what has been branded “one of the largest security lapses in history”.
The class action lawsuit, filed by three plaintiffs in the US District Court in California, claims Experian Data Corp sold confidential data – including credit information and Social Security numbers – to convicted ID thief Hieu Minh Ngo.
It is alleged that Ngo then sold the information from Experian on to his own customers, who were also identity thieves.
“The security lapse is one of the largest data security lapses involving wrongfully disclosed and compromised personally identifiable information (PII) in the history of the United States,” the lawsuit states.
“At the time he was arrested, Ngo had 1,300 other fraudster customers who purchased and accessed plaintiffs’ and class members’ PII for the purpose of committing fraud against the members of the class.”
The plaintiffs are seeking class status for those who had information with Experian and are also seeking damages in excess of $5m (£3.2m) plus court costs.
To leave a comment please register – it takes less than a minute and is free of charge. You will also get our weekly email update The DM Report (to opt out contact firstname.lastname@example.org). If you are an existing user, please log in. If you have forgotten your log-in details please email email@example.com to get them reset!