Incident & Breach Response , Managed Detection & Response (MDR) , Security Operations

Experian: No Evidence of System Compromise in Brazil

Investigation Follows Report of Data for Sale on Darknet
Experian: No Evidence of System Compromise in Brazil

Reacting to news reports that some of the more than 220 million personal records on Brazilians that have been offered for sale on the darknet appear to be associated with Experian's Serasa subsidiary, Experian says its investigation has turned up no evidence its systems have been compromised.

See Also: 13 Essential Criteria to Consider For Cyber Resilience in IR & SoC Teams

"Following recent media reports concerning data which is being illegally offered for sale on the internet, some of which may have been sourced from Serasa’s non-sensitive marketing data, Experian is continuing to carry out a detailed forensic investigation," the company says in a statement.

The statement also notes that data offered for sale "includes photographs, Social Security [numbers], vehicle registrations and social media login details, which Serasa does not collect or hold. There is no evidence that positive or negative credit data has been illegally obtained from Serasa."

Brazilian news site Tecnoblog says some of the data offered for sale on the darknet is labeled as "Serasa Experian," and the listing makes reference to bringing data from Mosaic, which is an Experian tool for segmenting customers for marketing purposes.

Experian's South African Breach

In August 2020, the South African Banking Risk Information Center reported a data breach at Experian South Africa exposed the data of an estimated 24 million consumers and almost 800,000 businesses.

A South African fraudster purporting to represent an Experian client requested services from the company that involved the release of information.

A suspect was arrested at the time and the stolen information was not misused, according to the Banking Risk Information Center (see: Experian Breach in South Africa Affects 24 Million Consumers).

About the Author

Doug Olenick

Doug Olenick

Former News Editor, ISMG

Olenick has covered the cybersecurity and computer technology sectors for more than 25 years. Prior to his stint as ISMG as news editor, Olenick was online editor for SC Media, where he covered every aspect of the cybersecurity industry and managed the brand's online presence. Earlier, he worked at TWICE - This Week in Consumer Electronics - for 15 years. He also has contributed to, TheStreet and Mainstreet.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.