Experian – the credit bureau which received a controversial no-bid contract from S.C. Gov. Nikki Haley during last year’s #SCHacked scandal – has acknowledged being duped into selling its confidential customer data to a Vietnamese scammer.
News of the heist was first reported this week by KrebsOnSecurity. According to the site, scammer Hieu Minh Ngo “gained access to Experian’s databases by posing as a U.S.-based private investigator.”
An undisclosed number of Social Security numbers were sold by Experian subsidiary Court Ventures to Ngo – who ran an identity theft website called SuperGet.Info.
Wow … this story just keeps getting better (or worse, if you’re a South Carolina taxpayer or business owner).
Experian received a secretive, no-bid contract from Haley worth $12 million to provide credit monitoring services to victims of last year’s S.C. Department of Revenue (SCDOR) data breach.
This still-unsolved hacking incident remains the largest state-level security lapse in American history – with Haley’s administration coughing up 3.8 million Social Security numbers, 3.3 million bank account numbers, tax info for more than 650,000 businesses and nearly 400,000 credit and debit card numbers.
Haley quickly came under fire for the deal she cut with Experian (and with good reason). In addition to numerous inconsistencies regarding the timing of the contract and the lack of consideration given to other providers, Haley’s administration was busted telling several flat-out lies regarding the company’s so-called “exclusive” services, which it turns out other companies not only provided – but provided at cheaper costs.
The Experian controversy flared up again earlier this year when the company notified recipients of its “free” service that it was going to start charging them – even though state government officials negotiated a new credit monitoring contract with another company that provides this protection for free.
42 comments
So wait, this was a “scam” in which they “duped” experian? So there is a “legitimate” sale this “ID security” company does in which it sells its customers personal security identifiers for money? I’m confused…
SON – OF – A – BITCH!
So how is Slikky Haley going to explain this one?
Oh, Heavens above, WHAT-IS-COMING-NEXT?
“Experianed” will be the new buzz word for security & privacy.
Woe to me, woe to all of us!
“WHAT-IS-COMING-NEXT”, it’s already here, the Obamacare web site.
Shifty is nuzzling up to two women whose agency received a contract to administer the program in a certain area. Hoping to seduce them into allowing me to get a management position. As of today even they can’t get into the site. Shifty is curious about how well trained, honest, and sincere the foot soldiers will be. I’ll keep everyone posted on developments, if I’m successful.
Amen!!!!!
We have Obama, Haley, Jim Clyburn, Sanford, Eckstrom, the Peelers, the Wilsons, Benjamine and Halfacre over in Lexington!
We are totally screwed.
We need to clean house…totally!
Randy has just 2 weeks left as mayor. Lexington will flourish under Mayor MacDougall.
First I thought you said Silky, then I read the word Sliky, but I know you really meant Slimy. Spell check and qwerty don’t mix.
I meant Slikky on this one. She was Silky at another time, another place. Whenever I see qwerty I’m reminded of Clare Quilty (Peter Sellers) in the Lolita film.
Maybe it was Sic that adjusted to the latter term LOL :)
My thoughts exactly!
Reminds me of Wesson Oil parties back in the 60’s
After a few shots of purple jesus, couple of quarts of oil and lights off it was near to impossible to tell the difference between the fuckers and the fuckees
HERE’S YOUR MAN
https://www.google.com/search?site=imghp&tbm=isch&source=hp&biw=1150&bih=547&oq=Hieu+minh+Ngo+&gs_l=img.12…3738.9264.0.11668.6.6.0.0.0.0.208.760.3j2j1.6.0….0…1ac.1.29.img..5.1.207.lp4CBF_Q8Rg&q=Hieu%20minh%20Ngo#facrc=_&imgrc=rwmpSwopnLuR0M%3A%3BxZQcoXOLe87QcM%3Bhttp%253A%252F%252Fkrebsonsecurity.com%252Fwp-content%252Fuploads%252F2013%252F10%252Fngohalfpass-285×146.png%3Bhttp%253A%252F%252Fkrebsonsecurity.com%252F2013%252F10%252Fexperian-sold-consumer-data-to-id-theft-service%252F%3B285%3B146
Why are we allowing the State that has shown its contempt for our data to control this process? Let’s just make credit monitoring a refundable tax credit that can be claimed on the SC1040. We can all pick our own service and take a $25 refundable credit every year (indexed for inflation). That way, we’re not locked in to whatever contract the state decides to negotiate for us.
Uh hell no. Let’s just reform the tax code. They get a nickel from EVERYONE. No more, no less, no wiggle room. Then ss is not necessary.
Good point. No income tax, no SS number. Just a flat sales tax.
Sales, Income, Real Estate. Whatever. It’s just got to be set up so it can’t be changed. If the church can deal with a flat rate, so can the GD gubmint.
Law firm (Nelson Mullins) tries to clear up confusion about how Experian deal reached
November 27, 2012
COLUMBIA — Thad Westbrook of Nelson Mullins, a law firm representing the state in the aftermath of a massive cyber breach now says NO competitors were contacted before the state reached a $12 million no-bid contract with Experian.
Attorney Jon Neiditz of Columbia firm Nelson Mullins said the confusion over whether the firm had contacted other credit monitoring companies resulted from an unclear statement made by another attorney, Thad Westbrook.
The Revenue Department reached an initial agreement with Experian just before the breach affecting millions of current and former S.C. taxpayers was first announced publicly on Oct. 26.
The confusion over whether Thad Westbrook of Nelson Mullins ever reached out to Experian competitors began at an Oct. 30 Senate Finance Committee hearing from comments from Nelson Mullins attorney Thad Westbrook.
Revenue Department Director James Etter, who is resigning effective at the end of this year, correctly told senators that no other companies were contacted besides Experian.
But Nelson Mullins attorney Thad Westbrook immediately followed up and told senators that pricing was obtained from two other firms but Experian had the ability to scale up quickly in an emergency situation.
Weeks after the hearing, Revenue Department spokeswoman Samantha Cheek named the other two companies that Nelson Mullins had obtained estimates from as Citreas and Identity Force.
Obtaining pricing information from Experian competitors and examination did not include reaching out to them.
Neiditz said he had pre-existing pricing information from various cyber security companies and knew Experian could offer the best deal. The leaders of other firms have disputed that assessment.
Neiditz said Monday that Thad Westbrook’s statement during the hearing caused confusion.
“It wasn’t clear,” Neiditz said. “It led to the impression that other companies had been contacted….I mentioned those vendors to him.”
Some senators have expressed concerns about the state’s NO-BID contract with Experian.
Anderson GOP Sen. Kevin Bryant said it’s worrisome that no other companies were approached following the breach.
“This snowball just keeps getting bigger and bigger as time goes by,” said Bryant, co-chairman of a new oversight panel tasked with looking into the cyber attack.
Normally, state contracts are struck following a request for proposals from various companies.
The law states “competition as is practicable SHALL be obtained.”
Neiditz recommended Experian to his firm, which then recommended Experian to the state. Nelson Mullins and their attorneys are being paid an estimated $100,000 for its work assisting the state.
…EXPERIAN and two competitors as Thad Westbrook and Cheek said, but NEVER contacted any of them before deciding on Experian.
Neiditz said he first contacted Experian on Oct. 23, three days before the breach was announced.
Etter had told senators during the hearing that Experian was first contacted on Oct. 25.
The Secret Service alerted state officials to the breach on Oct. 10.
“As a result, I don’t think that those business models received full consideration. Neither did other companies.”
The CEOs of Citreas and Identity Force said that their pricing would have been competitive with Experian and their services would have been superior in some ways.
Vendors likely would have been beating down the state’s doors and possibly could have provided a better deal…
Nelson Mullins and their attorneys are being paid an estimated $100,000
FULL STORY
http://www.postandcourier.com/article/20121127/PC16/121129491/
Nelson Mullins should be barred from advising the State of South Carolina
What! Why? Those boys can clear up a 100 dollar fine for you in 300 dollars billable service cost, every time guaranteed. And if they can’t, they’ll cut 50 dollars off that 300 dollars fee – no questions asked. Service with a smile.
—- and return to the State every cent they’ve received since Nikki took the oath!
Does the SC Attorney General – going back decades – do a damn thing in this state except file suits that are usually little more than political gesture and theater?
What do we pay that agency to do?
ALAN WILSON’S BIZARRE MOVE
DOCUMENT SHREDDING PARTY…. OOPS! ..I MEAN TRAINING … WRITE THAT DOWN …TRAINING ….I MEAN IT ….TRAINING … WRITE THAT DOWN …IT’S TRAINING …..UH UH UH ,,,,,,,
EXPERIAN, the sweetheart $12 million contract last fall to provide credit monitoring for a year, sent out another round of come-ons trying to convince South Carolinians to buy its service. The notices were emailed three days before we could start signing up for the monitoring that we already paid for through our state taxes, provided by a cheaper contract that the state negotiated with CSIdentity Corp. A contract Experian had refused even to bid on. At least this month’s sales pitch didn’t imply that the state wasn’t providing credit monitoring, as the one in September had.
Gov. Nikki Haley announced that cyberthieves had lifted the tax returns (think Social Security and bank account numbers) of 6.4 million individuals and businesses from her Revenue Department?
Attorney General Alan Wilson invited law enforcement to a training session on identity-theft investigations, and in the week’s most bizarre move, Superintendent Mick Zais’ Education Department held an Employee Document Shred Day. That’s certainly useful for protecting important paper documents, which lots of us don’t do so well, but I’m not sure what it has to do with cybersecurity. The Revenue Department could have shredded every last piece of paper it possessed, and cyberthieves still would have our data — in a far more dangerous form than paper.
the one-yearish anniversary of Gov. Haley’s failure to protect our financial data, followed by a 16-day “cover up” before she announced the breach. (The attack occurred in September, the federal government informed the governor Oct. 10, and she announced it on Oct. 26.)
what we didn’t hear a thing about — from the governor — was how we fix the systemic problems that ultimately invited the largest breach of state government data in the country to occur here in South Carolina.
Simply fixing the security procedures at the Revenue Department is not adequate. Neither is it adequate for every government agency in South Carolina to review and update its own cybersecurity policies — though that too is necessary, and incomplete.
What we need is a system that requires smarter security and that can recognize the absence of that long before our vulnerabilities turn into disasters.
We freaking got hacked…..AGAIN……….DOOFUS DID IT AGAIN …UH … UH …UH…
Read more here: http://www.thestate.com/2013/10/27/3059067/scoppe-in-hacked-sc-a-year-of.html#storylink=cpy
Excellent! Now if only the IRS could store all my medical records for me…
How the fuck is it legal to sell Social security #s???
They are identifiers that can be used to steal someone’s identity, and you can’t maintain a database of 15 or more such identifiers without a legitimate purpose. I think it’s 18 USC 3056 – it’s no different than a merchant selling your credit card numbers you use there – which is similarly illegal.
Laws only apply to the unwashed masses, I guess.
“SC Democrats plan vigils for hacking anniversary”
October 22, 2013
Almost a year after Republican Gov. Nikki Haley announced that the tax returns of millions of South Carolinians were hacked by a cyber-thief, state Democratic Party Chairman Jaime Harrison announced Monday the party will hold a series of vigils marking the event.
“Over the next week, South Carolinians will gather in local communities to mark the 16 days that Nikki Haley hid the truth from millions of people,” Harrison said. “The silent vigils will mark the inexcusable lag time and gross failure of leadership when governor Haley chose to cover her own behind.”
He said at least eight events are planned, the first in Greenville on Tuesday. He himself observed 10 seconds of silence during a news conference on a downtown Charleston street.
In September of last year, a cyber-thief hacked unencrypted information from tax filings about 3.8 million adults, 1.9 million of their dependents, and 700,000 businesses. It’s not clear whether any of those people or businesses became victims of identity theft as a result.
State officials were made aware of the problem on Oct. 10, 2012, by the U.S. Secret Service. Haley announced the hacking at a Columbia news conference 16 days later. She said investigators needed time to investigate the breach.
When reminded of that by reporters, Harrison said “my response to that is you have to let the good people of South Carolina know. My question to them is do you have the people who hacked into the system? No.”
“From day one, Gov. Haley’s focus has been on working with law enforcement to catch the criminal who attacked our state and on protecting our citizens from further harm by massively upgrading our cybersecurity systems and making sure everyone has identity theft protection,” Haley spokesman Doug Mayer responded.
He added while cybercrime is evolving every day “we can say without any doubt that we are far safer now than we’ve ever been before in South Carolina.”
People affected by the hacking of the state Revenue Department servers are being offered another year of free credit monitoring and can begin enrolling this week for protection provided by CSIdentity Corp. South Carolina is paying the Texas company up to $8.5 million to provide the monitoring.
Credit bureau Experian had been doing that work for nearly 1.5 million people under a $12 million contract. The service will not transfer, so people who had signed up with Experian will have to sign up with the new agency.
http://thetandd.com/news/state-and-regional/sc-democrats-plan-vigils-for-hacking-anniversary/article_198f52cb-1cd3-5b6f-a85a-1c8f1904e551.html
We might as well plaster our Social Security numbers on the side of a big truck like that LifeLock CEO or whoever did. Just drive it around the whole damn world like Google’s camera cars just in case someone hasn’t seen them yet.
Fear and loathing in the Graham campaign……boomerang 301
“Crooks ‘stole’ Experian data the old-fashioned way: They bought it”
Credit bureau sold personal data from half a million users to fraudster posing as a P.I. who then resold data on the black market
Informational Brigade members, how would a jury be presented verifiable FACTS concerning this incident to understand WHY this type of information is not being used against US Senator Lindsey Graham and Obamacare or immigration reform proceedings. How would a jury be asked to read an article about boat GAS TAXES to understand what Mr. Folks is doing with this article. http://www.postandcourier.com/apps/pbcs.dll/article?AID=%2F20131021%2FPC16%2F131029880%2F1177%2Fresidents-surprised-highway-41-bridge-project-moving-forward-with-55-foot-high-span#_=_
How does the gas taxes from across our state impact the building of a 55 foot bridge. How is this similar to an “Experian scam”.
How would this be used against Haley and Tim Scott and Graham and CLYBURN to turn the tide in election “control”.
How would this type of leverage be used by citizens of Iraq and Afghanistan or Djibouti to topple the “corrupt layer”.
Dude … you make us all dumber. Try to stay on point.
Try to stay on point….?? That sounds a lot like “Lin Bennett” telling someone she has a seat for them that SHE decides.
Ya know…Mr. AKA, we highly wager that the real Mr. Wil Folks started this site because he did not want to stay on the mainstream media POINT. The real Mr. Folks understands that you don’t go to a press event to ask a question, you go to DESTROY every other reporter in our state. The real Mr. Folks does not get up in the morning to just go to work….he gets up to be the BEST king for his QUEEN.
As far as being dumber…….we highly wager that anyone who follows this site and “Experian fiasco” is smart enough to understand how huge boats being able to access planned developer “looting” impacts the areas tax base. We also highly wager that those individuals who SOLD land before this bridge enlargement was planned would have been better informed about the land price and sales “discussions.”
The question is…..we wonder just how MAD Mrs Wil Folks would have been if her family had owned land that big boats could NOT access because of a small bridge and had to settle for a reduced price to then learn that the bridge was planned all along 30 years ago and was NOT told. How mad would she be if that same developer was a donor to SCOTT, GRAHAM, SWAILz, CLYBURN..but NOT Mace.
Arguing with the mentally ill again?
I like the color Pantone 540C and I think pizza is the best.
I wonder if it’s a liberal version of James O’Keefe.
In my estimation, everything this woman touches turns to crap! My wonderful State is now a laughing stock with her self serving ineptness and incompetence.
Please Lord deliver us from this scourge Obama and Haley!
The social security number is nothing more than our government branding its tax cattle in exchange for a ponzi scheme anyway. It’s never been secure.
I don’t feel particularly secure with Haley’s new choice of a Texas company that came into being after Rick ‘Ooops’ Perry’s Texas government got hacked a few years ago. Anything Rick Perry does is slimy with crony capitalism.
The service I want most from any deal the state cuts is for the company to take on all the hassle of straightening out every detail of any mischief an identity thief can do to my life and pay for any damage that they do.
And, I would like for a reputable company or unit of state government to do it.
Plain and simple, the whole family, including sisters, brothers and parents, have NO shame. Wouldn’t trust a one of them around my silverware. If Michelle wasn’t being employed by the state, she’d really spill the beans. Big beans.
Experian is processing Obamacare website data.
Google search terms: Experian Obamacare
EXAMPLE
Obamacare’s Website Is Crashing Because It Doesn’t Want You To Know How Costly Its Plans Are
http://www.forbes.com/sites/theapothecary/2013/10/14/obamacares-website-is-crashing-because-it-doesnt-want-you-to-know-health-plans-true-costs/
“The main Healthcare.gov web page collects information using the CGI Group technology. Then that data is transferred to a system built by Quality Software Services. QSS then sends data to Experian, the credit-history firm.”
“The federal government’s decision to force people to apply before shopping, Weaver and Radnofsky write, “proved crucial because, before users can begin shopping for coverage, they must cross a busy digital junction in which data are swapped among separate computer systems built or run by contractors including CGI Group Inc., the healthcare.gov developer, Quality Software Services Inc., a UnitedHealth Group Inc. unit; and credit-checker Experian PLC.”
Want to file civil suits and receive awards for attorney fees? This case is a sitting duck.