[BreachExchange] Experian says investigating if involved in Brazil data breach

[Destry Winant]

https://www.reuters.com/article/us-experian-dataprotection/experian-says-investigating-if-involved-in-brazil-data-breach-idUSKBN2A80MW

(Reuters) - Credit data firm Experian said on Monday it was continuing
to investigate whether the personal data of millions of people in
Brazil that was found to be illegally offered for sale online could be
connected with its Brazilian business Serasa.

UK-listed Experian, the world’s largest credit data group, said so far
it had found that the data offered for sale included photographs,
social security details, vehicle registrations and social media login
details, which Serasa does not collect or hold.

“In spite of exhaustive investigations to date there is no

evidence that our technology systems have been compromised,” the company said.

Premarket indicators pegged a 2% fall for its shares at market open.

Local news reports in Brazil said cybersecurity researchers discovered
in January that the personal data of more than 200 million people may
have been leaked and offered for sale online, but it is not clear
where the data came from.

The news of the breach comes less than a year after Brazilian health
insurer Hapvida said it suffered a cyber attack potentially involving
access to the personal information of its customers.

São Paulo-based plane manufacturer Embraer said last December that it
had been targeted by hackers, who obtained the disclosure of data
allegedly attributed to the company.

Experian, however, said there was no evidence that positive or
negative credit data had been illegally obtained from Serasa.

Equifax Inc, the U.S.-listed rival to Experian, announced the
largest-ever settlement for a data breach in 2019, agreeing to pay up
to $700 million to settle claims it broke the law during a massive
2017 breach of data relating to customers in the U.S., Britain and
Canada and to repay harmed consumers.