Experian, the massive data-broker with far-reaching influence over your ability to get a mortgage, credit-card, or job, sold extensive consumer records to an identity thieves’ service called Superget.info. Superget specialized in supplying identity thieves with “fullz” — full records of their victims, useful for impersonating them and for knowing where their assets are. Experian sold the data through a third part called “Court Ventures” — which they later acquired — and the sales continued for about a year. Experian bills itself as a service for people worried about identity theft. It’s not clear whether Experian will face any penalty for the wrongdoing.
These services specialized in selling “fullz” or “fulls,” a slang term that cybercrooks use to describe a package of personally identifiable information that typically includes the following information: an individual’s name, address, Social Security number, date of birth, place of work, duration of work, state driver’s license number, mother’s maiden name, bank account number(s), bank routing number(s), email account(s) and other account passwords. Fulls are most commonly used to take over the identity of a person in order to engage in other fraud, such as taking out loans in the victim’s name or filing fraudulent tax refund requests with the IRS.
All told, findget.me and superget.info acquired or sold fullz information on more than a half million people, the government alleges.
The U.S. Secret Service declined to discuss the case, but a source familiar with the matter said undercover federal agents set up a phony business deal to lure Ngo out of Vietnam and into Guam, an unincorporated territory of the United States in the western Pacific Ocean. The source said that Ngo was arrested upon his arrival in Guam and transferred to New Hampshire. There he is currently facing 15 separate criminal charges, including conspiracy to commit identification fraud, aggravated identity theft, and wire fraud, among others.
Experian Sold Consumer Data to ID Theft Service [Brian Krebs/Krebs on Security]