Security writer Brian Krebs has followed up last year’s story that US credit reporting agency Experian had been selling personal data to Singaporean based identity thieves with the guilty plea from the scheme’s architect.
Krebs points out that the leader of the identity thieves, Vietnamese national Hieu Minh Ngo, could access up to 200 million consumers’ records.
It’s almost impossible to say how much theft, fraud and misery was inflicted on innocent Americans who had their personal details misused by Ngo’s customers.
The amazing thing is it appears that Experian’s executives or shareholders will not suffer any sort of penalty – civil or criminal.
In an age where companies are collecting masses of data on everyone, it’s inconceivable that those trusted to store and protect that information – particularly credit reporting agencies – seem beyond any accountability for failing in their core responsibilities.
There’s also the aspect of undermining the US credit system; if merchants and consumers find they can’t trust credit reporting agencies, then offering or getting credit becomes far more difficult and risky.
Until the management of companies like Experian are held accountable for their incompetence, any talk of safeguarding privacy is empty. It’s why we should treat claims that our data is held safely by government agencies or businesses with a great deal of caution.