One of the world’s biggest credit reporting firm Experian announced a current investigation on data being illegally sold on the Internet, which have been sourced from a subsidiary in Brazil.
Seresa S.A., which is a Brazilian credit research agency, has been involved in a data leak with its marketing data. According to reports, the data being sold included sensitive information of customers, however, Experian claims Seresa doesn’t collect or hold information.
In addition to photographs, social security information, vehicle registrations, and social media credentials were compromised. Meanwhile, Experian claims there’s no evidence where the data could’ve come from and its systems aren’t compromised.
As announced by the company last Monday, Feb. 8, they have launched a ‘detailed forensic investigation’ following reports on data being sold. This news came huge as there are 220 million customers affected in Brazil.
However, the company is doing a series of investigations to resolve the matter and go down to how things escalated. Experian said the protection of customer data is a priority, that’s why it’s going to provide more updates and insights about the said ‘data leak.’
Since the news about this event popped up, the company shares fell by 2 percent. The local news in Brazil also didn’t help as the cybersecurity found out the data being sold happened in January this year, affecting about 200 million customers.
The incident is dubbed as the biggest and largest data leakage in Brazilian history, with a 14GB file up for sale on the dark web. Open Democracy found this file, with a condensed version being offered at no cost.
This news came following the cyberattack incident in Brazil, affecting a health insurer called Hapvida. Threat actors accessed the personal information of customers, leading to the data leak.
Last December, another Brazilian-based plane manufacturer was hit by a breach, with hackers obtaining corporate information allegedly attributed to the company. With all these companies targeted by threat actors, the Seresa incident may indicate a possibility of a breach.
Experian’s rival in credit monitoring Equifax, was also hit by a data breach back in 2019, with the company agreeing to pay roughly $700 million to settle claims that it broke a law. Equifax agreed to pay harmed customers across the US, Canada, and Great Britain.
To date, there’s no evidence that positive or negative credit data was illegally obtained from Experian’s subsidiary Seresa.