DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Experian sued over Court Ventures-related breach

Posted on July 21, 2015 by Dissent

He beat me to it. šŸ™‚ While I took a break to argue on Twitter about the hacked Jeep story in Wired, Brian Krebs was reporting on a class action lawsuit filed against Experian over the Court Ventures/U.S. InfoSearch data breach that was covered extensively on both his siteĀ and on this site.

The lawsuit was filed in federal court for the Central District of California. I’ve uploaded a copy ofĀ the complaint here (pdf).

To summarize some of the key points in the complaint:

1. The plaintiffs, led by Maudie Patton, Jacqueline Goodridge, and Virginia Kaldmo, are suing Experian for violations of the Fair Credit Reporting Act, the California Business & Professions Code §§ 17200, et seq., and the Declaratory Judgment Act.

Neither Court Ventures nor U.S. InfoSearch is named as a defendant in the lawsuit.

2. TheĀ plaintiffs areĀ seeking to recover FCRA statutory damages and injunctive relief requiring ExperianĀ to

(i) notify each U.S. citizen whose PII (a) was accessed by Ngo, (b) sold by Defendant to Ngo and/or his fraudster customers, or (c) was otherwise exposed in the Security Lapse,
(ii) provide quality credit monitoring and substantial identity theft coverage to each such person,
(iii) establish a fund (in an amount to be determined) to which such persons may apply for reimbursement of the time and out-of-pocket expenses they incurred to remediate identity theft and identity fraud (i.e., data breach insurance), from July 1, 2010 forward to the date the above-referenced credit monitoring terminates,
(iv) disgorge its gross revenue from transactions with Ngo and his fraudster customers involving Plaintiffs’ and Class Members’ PII and the earnings on such gross revenue, and
(v) discontinue its above-described wrongful actions, inaction, omissions, want of ordinary care, nondisclosures, and the causes of the Security Lapse.

The notification issue is of particular interest to me, as this blog had covered that issue and obtained statements from U.S. InfoSearch and Experian as to whose responsibility it was to notify those affected. Based on the complaint, it would appear that no one has yet been notified, which is pretty outrageous.

By the way, standing should not be an issue in this case as all named plaintiffs became victims of tax refund fraud/identity theft.

Of small note, Experian, through their counsel, was originally very insistent that the breach did not affect 200 million people (even though the criminals would presumably have had access to the information on 200 million people).Ā The complaint handles the numbers issue this way:

It has so far been established that the Superget.info and findget.me websites had 1,300 customers who paid Ngo nearly $2 million over the relevant period to access databases containing the PII of 200 million U.S. citizens. Over an 18-month period, Superget.info customers conducted approximately 3.1 million queries, 1.0 million of which were conductedĀ afterĀ Experian acquired CVI. Since each query could generate an unlimited number of hits, the actual number of individual consumer PII records exposed, accessed, obtained, and utilized by fraudsters to commit further identity theft and identity fraud could be in the tens of millions.

And while all this is going on, the suit and countersuit between Experian and Court Ventures continues.

Would this be a good time to point out that I filed a complaint against Experian with the FTC in April 2012? By then, Experian had already acquired Court Ventures and would now be responsible going forward, but FTC continues to disappoint by their failure to take public action over Experian’s security failures.

Category: Breach IncidentsBusiness SectorCommentaries and AnalysesHackOf Note

Post navigation

← FBI, Israel Make Securities Fraud Arrests Tied to JPMorgan Hack
FTC Takes Action Against LifeLock for Alleged Violations of 2010 Order →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Central Maine Healthcare tackles suspected cybersecurity issue; hospitals remain open
  • Cartier Data Breach: Luxury Retailer Warns Customers that Personal Data Was Exposed
  • Beyond the Pond Phish: Unraveling Lazarus Group’s Evolving Tactics
  • Akira doesn’t keep its promises to victims — SuspectFile
  • Fraudsters, murderers, students: who the GRU assembled a team of hacker provocateurs from and why it failed
  • Order of Psychologists of Lombardy fined 30,000 € for inadequate data security protection and detection following ransomware attack
  • Lower Merion School District says a data breach was caused by a computer glitch (1)
  • After $1 Million Ransom Demand, Virgin Islands Lottery Restores Operations Without Paying Hackers
  • Junior Defence Contractor Arrested For Leaking Indian Naval Secrets To Suspected Pakistani Spies
  • Mysterious leaker GangExposed outs Conti kingpins in massive ransomware data dump

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Stewart Baker vs. Orin Kerr on ā€œThe Digital Fourth Amendmentā€
  • Fears Grow Over ICE’s Reach Into Schools
  • Resource: HoganLovells Asia-Pacific Data, Privacy and Cybersecurity Guide 2025
  • She Got an Abortion. So A Texas Cop Used 83,000 Cameras to Track Her Down.
  • Why AI May Be Listening In on Your Next Doctor’s Appointment
  • Watch out for activist judges trying to deprive us of our rights to safe reproductive healthcare
  • Nebraska Bans Minor Social Media Accounts Without Parental Consent

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
Ā© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.