Data Breach At
South Shore Hospital To Pay $750,000 In 2010 Breach Settlement

Data Breach At Experian Credit Reporting Service

Logo_experianExperian has notified the New Hampshire Department of Justice of data breach where unauthorized third parties may have obtained consumers credit reports. The company discovered the breach in February 2012 and began notifying affected consumers on May 17, 2012.

The breach notice did not disclose the number of consumers affected. The unauthorized access occurred between November 2010 and March 2012. An investigation into the breach was conducted including the analysis of computer logs. In its breach notice, Experian stated:

"... we do not believe that any third party obtained access to any specific data elements that are covered by the New Hampshire security breach law because those data elements (e.g., financial account numbers) were redacted or truncated on any credit report disclosure..."

New Hampshire is one of about 46 states that require entities (e.g., companies and state agencies) to notify both the state and affected residents in each state whose personal information archived by that entity was lost, stolen, or accessed by unauthorized persons.

In its breach notice to consumers, Experian stated:

"While any consumer report will contain public information like name and address, Experian masks or displays only partial social security numbers, birth dates, and account numbers, so they are not identifiable and cannot be abused."

This is troublesome because, a) the breach went undiscovered for a long time, 16 months; b) partial social security and bank account numbers, partially masked, and c) the extremely sensitive personal and financial information contained in consumer credit reports.

Experian placed fraud alerts on the files of breach victims, and, of course, is offering breach victims two years of fee credit monitoring services through its ProtectMyID service.

Experian is one of the three larges credit reporting agencies. The other two are Equifax and TransUnion. Experian also operates the Triple Alert and websites. In 2010, the U.S. Federal Trade Commission changed the disclosre rules for web sites offering free credit reports. Consumers should know that the official webiste for truly free credit reports.


Feed You can follow this conversation by subscribing to the comment feed for this post.

J Waters

Experian's claim is Not true - somehow the data is being used and resulting in charges to peoples credit cards at their banks - including charges TO EXPERIAN !


I second the comment above. I do not have an account with Experian, yet somehow my debit card was authorized for $19.95 by some guy I've never heard of. I've canceled my debit card and have requested a new one from my credit union. This makes me very nervous! Experian did credit my account and reported the charge to their fraud dept. What's even stranger? I was just telling my story to a coworker and he pulls out his Citibank statement and he has 2 charges for $19.95 from Experian! There has been a huge breach and someone isn't telling the whole truth!


I just contacted experian last week about 2 fraudulent charges to my credit card. They credited it back to me and put an alert on my account. Today, my sister found 2 fraudulent charges to her credit card and is currently on the phone with them.... doesn't seem like there was no harm to me.

attorney houston

Just when we thought we could rebuild our credit score post-bankruptcy by utilizing the FCRA (fair credit reporting act) something else to worry about. That worry is CAIVRS - Credit Alert Verification Reporting System.


There is no lock to resist to a thief ! That's the way it is. Credit card companies are searching all the time new systems to protect their clients from fraudulent charges, but thieves do always find new breaches.


This is true that the breach notice did not disclose the number of consumers affected. The unauthorized access occurred between November 2010 and March 2012.

John Martin

That’s true that Experian is one of the three largest credit reporting agencies, however there are three different credit reporting companies. These all three different credit reporting agencies are really good and provide exact reports to the consumers.


The company has really discovered a very new breach. Now Experian can also provide data breach services. In this blog post you have also explained about the details of New Hampshire. I think this this new breach can be really beneficial.


I see the greatest contents on your blog and I absolutely love reading them.

The comments to this entry are closed.