Questions surround source of breach as Experian says database includes details not held by firm
Credit reporting agency Experian says it has failed to unearth any evidence that a Brazilian subsidiary’s systems had been compromised following reports of a data breach impacting millions of the country’s residents.
In a news release issued earlier today (February 8), Experian said it had launched a “detailed forensic investigation” following reports that sensitive personal data belonging to more than 220 million Brazilians was being sold online.
As reported by regional tech publication Tecnoblog in January, the dataset is claimed to have originated from Experian Serasa, the credit rating agency’s subsidiary in Brazil.
In what’s being described as the “largest personal data leakage is Brazilian history”, Open Democracy said a 14 GB file was up for sale on the dark web, while a condensed version was being offered at no cost.
However, during its investigation into whether some “non-sensitive marketing data” may have originated from Serasa, Experian said it had seen “no evidence that our technology systems have been compromised”.
The company added: “The data offered includes photographs, social security INSS, vehicle registrations and social media login details, which Serasa does not collect or hold.”
Experian said it would provide further updates into the investigation, as appropriate.
“Protecting the security of data is our number one priority and is an obligation we take extremely seriously,” the company said.