Jim Finkle and Karen Freifeld of Reuters also have more on the Court Ventures/U.S. Info Search that has put millions of consumers at risk of identity theft or financial fraud:
Iowa and North Carolina said they are looking into a breach involving a subsidiary of Experian Plc that exposed some 200 million social security numbers, in addition to two states that previously announced investigations.
Separately U.S. Senator Claire McCaskill, a Democrat from Missouri, chided the company, saying she was concerned it had changed its explanation of how it was responding to the breach.
Read more on Reuters. Interestingly, they quote Marc Martin, CEO of U.S. Info Search, who responds to Experian’s claim that is U.S. Info Search’s responsibility to notify consumers:
“The suspect didn’t have access to our system and it was Experian that sold the data and collected the funds,” Martin said.
But as I pointed out in my post on this dispute, Connecticut’s breach notification statute provides that a business that “owns, licenses or maintains computerized data that includes personal information, shall provide notice” of a security breach…” It doesn’t say that you have to be selling it or collecting funds for it. But then, I am not a lawyer.
I can see where we’re going to watching this one in court for years to come. It would really help to see the agreement between U.S. Info Search and Court Ventures.