Incident & Breach Response , Managed Detection & Response (MDR) , Security Operations
Experian: No Evidence of System Compromise in Brazil
Investigation Follows Report of Data for Sale on DarknetReacting to news reports that some of the more than 220 million personal records on Brazilians that have been offered for sale on the darknet appear to be associated with Experian's Serasa subsidiary, Experian says its investigation has turned up no evidence its systems have been compromised.
See Also: Effective Communication Is Key to Successful Cybersecurity
"Following recent media reports concerning data which is being illegally offered for sale on the internet, some of which may have been sourced from Serasa’s non-sensitive marketing data, Experian is continuing to carry out a detailed forensic investigation," the company says in a statement.
The statement also notes that data offered for sale "includes photographs, Social Security [numbers], vehicle registrations and social media login details, which Serasa does not collect or hold. There is no evidence that positive or negative credit data has been illegally obtained from Serasa."
Brazilian news site Tecnoblog says some of the data offered for sale on the darknet is labeled as "Serasa Experian," and the listing makes reference to bringing data from Mosaic, which is an Experian tool for segmenting customers for marketing purposes.
Experian's South African Breach
In August 2020, the South African Banking Risk Information Center reported a data breach at Experian South Africa exposed the data of an estimated 24 million consumers and almost 800,000 businesses.
A South African fraudster purporting to represent an Experian client requested services from the company that involved the release of information.
A suspect was arrested at the time and the stolen information was not misused, according to the Banking Risk Information Center (see: Experian Breach in South Africa Affects 24 Million Consumers).