Experian has been hit by legal action for allegedly selling highly sensitive personal data to a convicted identity thief, in what has been branded “one of the largest security lapses in history”.
The class action lawsuit, filed by three plaintiffs in the US District Court in California, claims Experian Data Corp sold confidential data – including credit information and Social Security numbers – to convicted ID thief Hieu Minh Ngo.
It is alleged that Ngo then sold the information from Experian on to his own customers, who were also identity thieves.
“The security lapse is one of the largest data security lapses involving wrongfully disclosed and compromised personally identifiable information (PII) in the history of the United States,” the lawsuit states.
“At the time he was arrested, Ngo had 1,300 other fraudster customers who purchased and accessed plaintiffs’ and class members’ PII for the purpose of committing fraud against the members of the class.”
The plaintiffs are seeking class status for those who had information with Experian and are also seeking damages in excess of $5m (£3.2m) plus court costs.
Related stories
Experian guns for chief over theft
Experian bomb threat man charged
Experian sued for selling data to thief http://t.co/QRqTyPGI4u #marketing
Experian sued for selling data to ID thief http://t.co/VzFALUGFch #directmarketing #digitalmarketing #IDtheft http://t.co/OiAtcT7Brt
Sounds like an easy route to acquire data…… https://t.co/78lVEIHixe