As I tweeted last night, Experian has sued the former owner/shareholder of Court Ventures over the mess Experian found itself in when it acquired Court Ventures and later learned that a criminal had been using a Court Ventures account to access a U.S InfoSearch database with information on over 200 million Americans.
Today, Jim Finkle of Reuters reports on Experian’s cross-complaint in Court Ventures v. Experian, a lawsuit filed in Superior Court of California in Orange County. In today’s example of Extreme Chutzpah, it seems Court Ventures had sued Experian, seeking release of the escrow account created when Experian purchased Court Ventures. For its part, Experian counter-sued because Court Ventures had been notified of indemnification claims arising from the Ngo case. The escrow account is only a small portion of what was an $18 million acquisition.
In Experian’s cross-complaint, they raise claims against Court Ventures and its co-founder and shareholder Robert Gundling for breach of warranty, breach of contract, express contractual indemnification, promissory fraud, intentional misrepresentation, and negligent misrepresentation.
In their cross-complaint, Experian claims that Court Ventures misrepresented the credit header data that the service enabled clients to obtain through it relationship with U.S. InfoSearch. Experian claims that Court Ventures represented the credit header data as a service that would enable investigators to find an individual’s address for trace purposes. In actuality, Experian claims, when they checked logs after the Secret Service contacted them, Court Venture clients – including Ngo – were able to input names and states and obtain the Social Security numbers of individuals with that name in that state. Parenthetically, I note this would be consistent with what Brian Krebs had reported that a single query often produced records on multiple individuals.
When Experian discovered that credit header data was being used to obtain Social Security numbers, they immediately cut off the service for all users – including Ngo.
In addition to the complaint that Court Venture did not verify Ngo (a/k/a Jason Low)’s bona fides as an investigator eligible to use the service, Experian’s cross-complaint also alleges that Court Ventures engaged in web scraping and other possibly illegal acts to obtain the records in its database, despite having assured Experian in the sales agreement that Court Ventures was in compliance with all laws and Experian would have no legal issues when it took over the business.
To date, and based on media reports by others, it appears that Experian has not notified any consumers about this breach and now claims that they don’t know whose data were stolen. That’s noteworthy because in December 2013, Tony Hadley of Experian informed Senator Rockefeller’s committee that Experian knew who these people (victims of Ngo’s activity) were and would protect them. Perhaps Senators Rockefeller and McCaskill should send another letter to Experian asking them to explain Mr. Hadley’s misrepresentations or errors.
Jim Finkle provides some additional details on the litigation on Reuters.