http://krebsonsecurity.com/2014/04/u-s-states-investigating-breach-at-experian/
So I read the Krebs report today with interest because the CISO of Experian (Stephen Scharf) is an old friend of mine, and probably one of the better CISO's in the business, imho. So there are a few things I think are funny in the Krebs report. For example,"Court records just released last week show that Ngo tricked an Experian subsidiary into giving him /direct access to personal and financial data on more than 200 million Americans. "/ Right now, using Google, I have direct access to billions of records on both Americans and non-Americans But that doesn't mean I downloaded it and used it. How much data did this guy even get? Something more on the order of 3 million various things. Likewise, it seems like it was not Experian's data at all, but the result of some legal agreements that happened before Experian ever got involved. Also I love the part in the court documentation where the defendant has been hearing voices and is basically crazy. I guess the point is, "Some random company Experian bought had an agreement with another company that had an customer who was shady and then arrested" is not as catchy a title, even if it is more accurate than "U.S. States Investigating Breach at Experian" which is what Krebs decided to run with this time. Official Experian response to the whole mess (worth a quick read) is here:// // http://www.experian.com/blogs/news/2014/03/30/court-ventures/ <http://www.experian.com/blogs/news/2014/03/30/court-ventures/> -dave
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Dailydave mailing list [email protected] https://lists.immunityinc.com/mailman/listinfo/dailydave
