Jump to content

Experian challenged over massive data leak in Brazil


mood
 Share

Recommended Posts

Experian challenged over massive data leak in Brazil

Consumer rights body criticizes explanations from the credit bureau in relation to the data exposure of over 220 million citizens.

 

After receiving feedback from Experian over a massive data leak in Brazil, São Paulo state consumer rights foundation Procon described the company's explanations as "insufficient" and said it is likely that the incident was initiated in a corporate environment.

 

Procon notified the credit information multinational following the emergence of a leak that exposed the personal data of more than 220 million citizens and companies, which is being offered for sale in the dark web. Security firm PSafe discovered the incident, which exposed all manner of personal details, including information from Mosaic, a consumer segmentation model used by Serasa, Experian's Brazilian subsidiary.

 

Following the emergence of the leak in January, Procon notified the credit bureau, and asked the company for a confirmation of the incident, and an explanation of the reasons that caused the leak, the steps taken to contain it, how it will repair the damage to consumers impacted and the measures taken to prevent it from happening again.

"No hypothesis has been ruled out, and at the moment we consider it is more likely that the leak came from inside companies rather than hackers," said Procon's executive director Fernando Capez, adding that Experian's feedback prompts more questions than answers. The explanations from the company will be analyzed by the board of the consumer rights body, and a fine may be applicable if any wrongdoing becomes evident.

 

According to Procon, Experian informed that all its activities that involve personal data comply with the Brazilian data protection regulations, and that processing of such data can legally serve several purposes. That part of the answer was insufficient, the consumer rights body said, since "there is no legal basis for the treatment and use of data in an indiscriminate manner" and that includes data of deceased individuals, also exposed in the leak.

 

In addition, Procon noted that Serasa Experian did not specify the technical and organizational measures adopted to implement its data protection policy. Moreover, the company reinforced what it had said in a statement released last week in its response to the notification, that there is no evidence that credit data has been illegally obtained from its Brazilian subsidiary. The company also argued that there is no evidence that its technology systems had been compromised.

 

In relation to Serasa Experian's risk mitigation policy that may occur in such circumstances, Procon said the company only stated that a "comprehensive information security program" is currently in place. Regarding damage repair to consumers, Serasa Experian stated that its website has instructions on what to do in case of fraud. Procon's stance is that this is a preventive measure rather than a reparative action.

 

Contacted by ZDNet, Serasa Experian did not answer to requests for comment on Procon's response to its feedback. The agency's demands for answers follow calls from the Brazilian Institute for Consumer Protection (IDEC) for urgent measures to investigate and punish those responsible for exposing the population's data, as well as improved citizen information and transparency.

 

 

Source: Experian challenged over massive data leak in Brazil

Link to comment
Share on other sites

  • Replies 0
  • Views 188
  • Created
  • Last Reply

Top Posters In This Topic

  • mood

    1

Popular Days

Top Posters In This Topic

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...