VisiCom Services Blog

VisiCom Services has been serving the Rochester Hills area since 1994, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.

200 Million People’s Identities Compromised in One Scam

b2ap3_thumbnail_it_security_400.jpgDetails are still coming in regarding one of the biggest data breaches in history that compromised the personal records of 200 million Americans! The scam was propagated by the online ID theft service Superget.info, and it's currently being investigated by the U.S. Senate Committee on Commerce, Science, and Transportation.

A service like Superget.info is a one-stop shopping experience for hackers around the world to buy stolen identities. Often times, the hackers responsible for malicious activity using stolen identities aren't the same people responsible for the theft of a user's identity. Instead, they simply bought the user's sensitive information from a website like Superget.info and then did what they wanted to with the data.

This is how Superget.info operated. Based in Vietnam, this online ID theft service was run by 24-year-old Hieu Minh Ngo. According to KrebsOnSecurity, "Ngo's ID theft business attracted more than 1,300 customers who paid at least $1.9 million between 2007 and February 2013." Before the site was taken down, stolen information available on Superget.info included Social Security numbers, dates of birth, addresses, previous addresses, phone numbers, email addresses, and other sensitive data.

Upon investigation by the Senate committee, it was found that customers of Superget.info retrieved information from millions of users. As reported by KrebsOnSecurity:

The government alleges that the service's customers used the information for a variety of fraud schemes, including filing fraudulent tax returns on Americans, and opening new lines of credit and racking up huge bills in the names of unsuspecting victims. The transcript shows government investigators found that over an 18-month period ending February 2013, Ngo's customers made approximately 3.1 million queries on Americans.

Who's to Blame?
A breach that lifted information from 200 million users was the result of a single big scam against one of the world's largest databases, Experian. Experian is one of the three major U.S. credit bureaus. This is the company that keeps multiple pieces of personal information of every American for the purpose of running credit checks. This makes Experian a hacker's goldmine. Instead of going with a typical hack and stealing data by breaching a firewall, Hieu Minh Ngo took advantage of a business acquisition by Experian.

In March 2012 Experian acquired Court Ventures. Founded in 2001, Court Ventures describes itself as a firm that "aggregates, repackages and distributes public record data, obtained from over 1,400 state and county sources." Insight into the scam and Court Ventures was given to KrebsOnSecurity by Marc Martin, CEO of U.S. Info Search, a data company that shared data with Court Ventures. Martin explained that Ngo posed as a U.S.-based private investigator from Court Ventures in order to obtain the keys of Experian's data castle. From Martin's perspective, Experian should have caught some of the red flags put up by Ngo:

While the private investigator ruse may have gotten the fraudsters past Experian and/or Court Ventures' screening process, according to Martin there were other signs that should have alerted Experian to potential fraud associated with the account. For example, Martin said the Secret Service told him that the alleged proprietor of Superget.info had paid Experian for his monthly data access charges using wire transfers sent from Singapore.

In a written statement to KrebsOnSecurity, Experian acknowledged Martin's explanation:

Experian acquired Court Ventures in March, 2012 because of its national public records database. After the acquisition, the U.S. Secret Service notified Experian that Court Ventures had been and was continuing to resell data from U.S. Info Search to a third party possibly engaged in illegal activity. Following notice by the U.S. Secret Service, Experian discontinued reselling U.S. Info Search data and worked closely and in full cooperation with law enforcement to bring Vietnamese national Hieu Minh Ngo, the alleged perpetrator, to justice. Experian's credit files were not accessed. Because of the ongoing federal investigation, we are not free to say anything further at this time.

Last year, Hieu Minh Ngo was detained in Guam by U.S. Secret Service agents, and in March, Ngo plead guilty to running the online identity theft service. Even more recently, during a Senate committee hearing, testimony was given from Tony Hadley, Experian's senior vice president of government affairs, in which the scope of Ngo's operation was revealed to include personal information from 200 million Americans.

How can You Prevent Your Personal Data from Being Stolen Like This?
Essentially, there's nothing that you can do to prevent your sensitive information from being stolen from another company that has it on file. When you give your data to a company like Experian you're trusting them to have security measures in place that will protect it from the likes of Ngo. This assurance of security is an agreement that you make with every company that you engage in a financial transaction with. This is why it was such a big deal when retailer Target was recently hacked and the financial information of 110 million of its shoppers was compromised. In light of the experiences of Experian and Target, you will need to make sure that you're doing everything you can to protect your customers' financial information that has been entrusted to your own business.

While you can't do anything to keep your personal information from being stolen from a third party, you can closely monitor your financial records and take quick corrective actions if your data is stolen. Here are a few corrective measures you can take: Get new credit cards, change the passwords to your various online accounts, and call VisiCom Services at 248.299.0300. We can walk you through additional protective measures and recommend a monitoring service that will alert you to any abnormal activity on your accounts. To learn more about the latest network security solutions on the market, give us a call today!

Quotes courtesy of krebsonsecurity.com.

Comments

 
No comments yet
Already Registered? Login Here
Guest
Wednesday, 16 October 2019
If you'd like to register, please fill in the username, password and name fields.

Sign Up For Our Newsletter

Powered by ChronoForms - ChronoEngine.com

Mobile? Grab this Article!

QR-Code dieser Seite

Recent Comments

Tip of the Week: Tip of the Week: Mirror or Cast Your Android Device’s Screen
14 September 2017
Usually I don't refer spending time like these categories subjects and website but really the blog w...
Tip of the Week: 4 Google Chromecast Features that May Surprise You
05 September 2017
I’m really satisfied to find this site.I need to thank you only for this brilliant read!!I unquestio...
Microsoft OneNote May Be the Best Note-Taking Tool on the Market
27 June 2017
I blog frequently and I really value your substance. The article has really crested my advantage. I ...

Latest Blog Entry

16 October 2019
Visicom Blog
Security
Most people know what a URL is. It’s the address of a website, typically starting with http:// or https://, and it is essentially the location of a web page or application that can be accessed through...

Latest News

Contact Us

Learn more about what VisiCom Services can do for your business.

callphone

Call us today    248.299.0300

2534 S Rochester Road
Rochester Hills, Michigan 48307

#