Experian

Last updated

Experian plc
Company type Public limited company
LSE:  EXPN
FTSE 100 Component
IndustryBusiness services
Predecessors GUS plc (1996–2006)
Founded1996;28 years ago (1996)
Headquarters Dublin, Ireland [1] [2]
Number of locations
List
Key people
RevenueIncrease2.svg US$6.619 billion (FY2023) [3]
Increase2.svg US$1.793 billion (FY2023) [3]
Decrease2.svg US$0.773 billion (FY2023) [3]
Total assets Decrease2.svg US$10.864 billion (FY2023) [3]
Total equity Decrease2.svg US$3.964 billion (FY2023) [3]
Number of employees
21,700 (2024) [4]
Website www.experian.com

Experian plc is a multinational data analytics and consumer credit reporting company headquartered in Dublin, Ireland. Experian collects and aggregates information on over 1 billion people and businesses including 235 million individual U.S. consumers and more than 25 million U.S. businesses. [5] [6] It is listed on the London Stock Exchange and is a constituent of the FTSE 100 Index. Experian is a partner in USPS address validation. It is one of the "Big Three" credit-reporting agencies, alongside TransUnion and Equifax. [7]

Contents

In addition to its credit services, Experian also sells decision analytic and marketing assistance to businesses, including individual fingerprinting and targeting. [8] Its consumer services include online access to credit history and products meant to protect from fraud and identity theft. [9] Like all credit reporting agencies, the company is required by U.S. law to provide consumers with one free credit report every year. [10]

History

The company has its origins in Credit Data Corporation, a business which was acquired by TRW Inc. in 1968, [11] and subsequently renamed TRW Information Systems and Services Inc. [12]

In November 1996, TRW sold the unit, as Experian, to Bain Capital and Thomas H. Lee Partners. [13] Just one month later, the two firms sold Experian to The Great Universal Stores Limited in Manchester, England, a retail conglomerate with millions of customers paying for goods on credit (later renamed GUS). [14] GUS merged its own credit-information business, CCN, which at the time was the largest credit-service company in the UK, into Experian. [15]

In October 2006, Experian was demerged from GUS and listed on the London Stock Exchange. [16] [17]

In August 2005, Experian accepted a settlement with the Federal Trade Commission (FTC) over charges that Experian had violated a previous settlement with the FTC. The FTC alleged that ads for the "free credit report" did not adequately disclose that Experian customers would automatically be enrolled in Experian's $79.95 credit-monitoring program. [18] [Note 1]

In January 2008, Experian announced that it would cut more than 200 jobs at its Nottingham office. [19]

Experian shut down its Canadian operations on 14 April 2009. [20]

In March 2017, the U.S. Consumer Financial Protection Bureau fined Experian $3 million for providing invalid credit scores to consumers. [21]

In October 2017, Experian acquired Clarity Services, a credit bureau specialising in alternative consumer data. [22]

In October 2024, Experian agreed to acquire Brazilian digital fraud prevention provider ClearSale for $350 million. [23]

Operations

In the United States, like the other major credit reporting bureaus, Experian is chiefly regulated by the Fair Credit Reporting Act (FCRA). The Fair and Accurate Credit Transactions Act of 2003, signed into law in 2003, amended the FCRA to require the credit reporting companies to provide consumers with one free copy of their credit report per 12-month period. Like its main competitors, TransUnion and Equifax, Experian markets credit reports directly to consumers. Experian heavily markets its for-profit credit reporting service, FreeCreditReport.com, and all three agencies have been criticised and even sued for selling credit reports that can be obtained at no cost. [24] [25]

Its market segmentation tool, Mosaic, is used by political parties to identify groups of voters. In the British version there are 15 main groups, broken down into 89 hyperspecific categories, from "corporate chieftains" to "golden empty-nesters" which can be taken down to the level of individual postcodes. It was first used by the Labour Party, but then taken up by the Conservatives in the 2015 General Election campaign. [26]

Sales to identity thieves

In 2013 a Vietnamese national, Hieu Minh Ngo, [27] was charged by the U.S. Department of Justice with attempting to sell personally identifiable information on hundreds of thousands of U.S. residents. This information had been allegedly purchased from Experian subsidiary and data aggregator Court Ventures. However, Ngo testified under oath that the information he had sold to identity thieves had actually been acquired from another hacker based in Russia, and not Experian or Court Ventures. Ngo then resold the information he acquired from the Russian hacker through the identity fraud enabling websites Superget.info and Findget.me. [28] [29] [30] [31] [32] The information offered for anonymous sale on these websites included individual's name, address, Social Security number, date of birth, place of work, duration of work, state driver's licence number, mother's maiden name, bank account number(s), bank routing number(s), email account(s) and other account passwords. [32]

Data breaches

2015

Letter from Experian North America CEO, Craig Boundy, informing T-Mobile customer their personal information was compromised in Experian server hack. 2015-10-05 experian-letter-redacted.jpg
Letter from Experian North America CEO, Craig Boundy, informing TMobile customer their personal information was compromised in Experian server hack.

On 1 October 2015 Experian announced that they had discovered a data breach existing between 1 September 2013 and 16 September 2015. As many as 15 million people who used the company's services, among them customers of American cellular company T-Mobile who had applied for Experian credit checks, may have had their private information exposed. [33] [34]

2020

In 2020 it was revealed that Experian had suffered a further data breach, on this occasion in South Africa. [35] Initially, Experian claimed that the incident had been contained [36] but subsequently this was shown to be untrue. Data on 24 million South Africans was leaked, as well as on nearly 800,000 businesses. Of these, 24,838 had financial details leaked. [37]

2021

In January 2021 a new leak was revealed in Brazil, with the source being linked to Experian's Brazilian subsidiary Serasa Experian. The breach resulted in data of 220 million citizens (including some already dead) being sold in the web. This is probably the most severe data breach in history, as it includes names, social security numbers, income tax declaration forms, addresses and other private information on nearly all Brazilian citizens. [38] Experian claims there's no evidence that its systems have been compromised, but this lack of evidence doesn't explain it being the only probable source for the data. According to a Brazilian consumer rights foundation, the company has not been handling the breach appropriately. [39]

2022

In late 2022 a flaw was revealed in Experian's website which allowed access to individual credit reports without full authentication, simply by changing the last part of the URL being requested from "/acr/oow/" to "/acr/report." [40] The flaw was fixed in early 2023, but it was not known how much data had been stolen through this security weakness. [41]

See also

Explanatory notes

  1. Quotation marks around "free credit report" are part of FTC press release.

Related Research Articles

<span class="mw-page-title-main">Identity theft</span> Deliberate use of someone elses identity

Identity theft, identity piracy or identity infringement occurs when someone uses another's personal identifying information, like their name, identifying number, or credit card number, without their permission, to commit fraud or other crimes. The term identity theft was coined in 1964. Since that time, the definition of identity theft has been legally defined throughout both the U.K. and the U.S. as the theft of personally identifiable information. Identity theft deliberately uses someone else's identity as a method to gain financial advantages or obtain credit and other benefits. The person whose identity has been stolen may suffer adverse consequences, especially if they are falsely held responsible for the perpetrator's actions. Personally identifiable information generally includes a person's name, date of birth, social security number, driver's license number, bank account or credit card numbers, PINs, electronic signatures, fingerprints, passwords, or any other information that can be used to access a person's financial resources.

A credit score is a number that provides a comparative estimate of an individual's creditworthiness based on an analysis of their credit report. It is an inexpensive and main alternative to other forms of consumer loan underwriting.

<span class="mw-page-title-main">Fair Credit Reporting Act</span> U.S. federal legislation

The Fair Credit Reporting Act (FCRA), 15 U.S.C. § 1681 et seq., is federal legislation enacted to promote the accuracy, fairness, and privacy of consumer information contained in the files of consumer reporting agencies. It was intended to shield consumers from the willful and/or negligent inclusion of erroneous data in their credit reports. To that end, the FCRA regulates the collection, dissemination, and use of consumer information, including consumer credit information. Together with the Fair Debt Collection Practices Act (FDCPA), the FCRA forms the foundation of consumer rights law in the United States. It was originally passed in 1970, and is enforced by the U.S. Federal Trade Commission, the Consumer Financial Protection Bureau, and private litigants.

TransUnion LLC is an American consumer credit reporting agency. TransUnion collects and aggregates information on over one billion individual consumers in over thirty countries including "200 million files profiling nearly every credit-active consumer in the United States". Its customers include over 65,000 businesses. Based in Chicago, Illinois, TransUnion's 2014 revenue was US$1.3 billion. It is the smallest of the three largest credit agencies, along with Experian and Equifax.

<span class="mw-page-title-main">Equifax</span> American consumer credit reporting agency

Equifax Inc. is an American multinational consumer credit reporting agency headquartered in Atlanta, Georgia and is one of the three largest consumer credit reporting agencies, along with Experian and TransUnion. Equifax collects and aggregates information on over 800 million individual consumers and more than 88 million businesses worldwide. In addition to credit and demographic data and services to business, Equifax sells credit monitoring and fraud prevention services directly to consumers.

A data broker is an individual or company that specializes in collecting personal data or data about people, mostly from public records but sometimes sourced privately, and selling or licensing such information to third parties for a variety of uses. Sources, usually Internet-based since the 1990s, may include census and electoral roll records, social networking sites, court reports and purchase histories. The information from data brokers may be used in background checks used by employers and housing.

A credit score is a numerical expression based on a level analysis of a person's credit files, to represent the creditworthiness of an individual. A credit score is primarily based on a credit report, information typically sourced from credit bureaus.

A credit freeze allows an individual to control how a consumer reporting agency is able to sell personal financial identity data. The credit freeze locks the data at the consumer reporting agency until the individual gives permission for the release of the data.

Spokeo is a people search website that aggregates data from online and offline sources.

AnnualCreditReport.com is a website jointly operated by the three major U.S. credit reporting agencies, Equifax, Experian, and TransUnion. The site was created in order to comply with their obligations under the Fair and Accurate Credit Transactions Act (FACTA) to provide a mechanism for American consumers to receive up to three free credit reports per year.

LifeLock by Norton was an American software company active from 2005 to 2017. The company was best known for its eponymous LifeLock identity theft prevention software, now sold by Gen Digital after the latter acquired LifeLock in 2017. LifeLock's system monitors for identity theft, the use of personal information, and credit score changes.

<span class="mw-page-title-main">Credit card fraud</span> Financial crime

Credit card fraud is an inclusive term for fraud committed using a payment card, such as a credit card or debit card. The purpose may be to obtain goods or services or to make payment to another account, which is controlled by a criminal. The Payment Card Industry Data Security Standard is the data security standard created to help financial institutions process card payments securely and reduce card fraud.

<span class="mw-page-title-main">CoreLogic</span> American business data company

CoreLogic, Inc. is an Irvine, CA based leading information services provider of financial, property, and consumer information, analytics, and business intelligence. The company analyzes information assets and data to provide clients with analytics and customized data services. The company also develops proprietary research, and tracks current and historical trends in a number of categories, including consumer credit, capital markets, real estate, fraud, regulatory compliance, natural hazards, and disaster projections. The company reported a full 2020 revenue of $1.6 billion. As of 2021, CoreLogic is a Fortune 1000 company.

<span class="mw-page-title-main">R1 RCM</span> U.S. healthcare company

R1 RCM Inc. is an American 'revenue cycle management' company servicing hospitals, health systems and physician groups across the United States.RCM is the process of managing all revenue-generation functions in a healthcare organization. It requires an understanding of the revenue cycle and begins when a patient seeks the organization's medical services and ends when the organization has collected all payments from the patient and/or their insurer. R1 has over 1,000 clients across the United States, including hospitals, health systems, and physician groups. R1 RCM employs more than 27,200 people and generates approximately $2.1 billion in annual revenue.

Identity theft involves obtaining somebody else's identifying information and using it for a criminal purpose. Most often that purpose is to commit financial fraud, such as by obtaining loans or credits in the name of the person whose identity has been stolen. Stolen identifying information might also be used for other reasons, such as to obtain identification cards or for purposes of employment by somebody not legally authorized to work in the United States.

doTerra is a multi-level marketing company based in Pleasant Grove, Utah, that sells essential oils and other related products. doTerra was founded in 2008 by former executives of Young Living and others. The company's products are sold through independent distributors called Wellness Advocates, using a multi-level marketing model to sell its products. Distributors are eligible to receive commissions based on their own sales and the sales of others in their organization.

<span class="mw-page-title-main">Carding (fraud)</span> Crime involving the trafficking of credit card data

Carding is a term of the trafficking and unauthorized use of credit cards. The stolen credit cards or credit card numbers are then used to buy prepaid gift cards to cover up the tracks. Activities also encompass exploitation of personal data, and money laundering techniques. Modern carding sites have been described as full-service commercial entities.

Exposed.su was a website run by Russian hackers focused on the listing of personal information of celebrities, and other high-profile figures. Among the high-profile victims include Michelle Obama, Donald Trump, Arnold Schwarzenegger, Kim Kardashian, Joe Biden, Hillary Clinton, Beyonce and Robert Mueller. The "doxed" documents, which are hosted on the website, include Social Security numbers, credit histories, loan documents and mortgage information of the individuals.

Between May and July 2017, American credit bureau Equifax was breached. Private records of 147.9 million Americans along with 15.2 million British citizens and about 19,000 Canadian citizens were compromised in the breach, making it one of the largest cybercrimes related to identity theft. Equifax discovered the breach end of July, but did not disclose it to the public until September 2017. In a settlement with the United States Federal Trade Commission, Equifax offered affected users settlement funds and free credit monitoring.

References

  1. Feisst, Melanie (27 July 2006). "Ireland has the edge, says expansive GUS". Archived from the original on 28 September 2018. Retrieved 25 July 2016.
  2. "About Experian | Company Profile | Office Locations". Archived from the original on 17 August 2016. Retrieved 25 July 2016.
  3. 1 2 3 4 5 "Annual Results 2023" (PDF). Experian. Retrieved 11 February 2024.
  4. "Profile". Experian. Retrieved 11 February 2024.
  5. "Credit Services". Experian. Archived from the original on 24 September 2017. Retrieved 23 September 2017.
  6. "About Experian | Company Profile | Corporate Fact Sheet". Experian. Archived from the original on 24 September 2017. Retrieved 23 September 2017.
  7. "How to protect yourself against the theft of your identity". The Economist . 14 September 2017. Archived from the original on 14 September 2017. Retrieved 15 September 2017.
  8. Ingram, David. "Facebook cuts ties to data brokers in blow to targeted ads". U.K. Archived from the original on 25 January 2022. Retrieved 29 March 2018.
  9. "Experian's Four Principal Business Groups". Experian. Archived from the original on 24 September 2017. Retrieved 23 September 2017.
  10. "Free Credit Reports". Consumer Information. 26 March 2013. Archived from the original on 24 September 2017. Retrieved 23 September 2017.
  11. Dyer, Davis (1998). TRW: Pioneering Technology and Innovation since 1900. Boston: Harvard Business School Press. pp. 279, 309, 390. ISBN   0-87584-606-8.
  12. Marthews, Alex; Tucker, Catherine (5 December 2019). "Privacy policy and competition" (PDF). Brookings Institution. p. 13. Archived (PDF) from the original on 10 October 2021. Retrieved 29 January 2021.
  13. "Experian Investors Reap Substantial Returns". Los Angeles Times. 15 November 1996. Archived from the original on 31 July 2020. Retrieved 27 April 2020.
  14. "GUS shares soar on pounds 1bn acquisition". The Independent. London. 15 November 1996. Archived from the original on 26 January 2012. Retrieved 4 March 2018.
  15. "Large British Retailer to buy US credit data company". The New York Times . 15 November 1996. Archived from the original on 2 February 2009. Retrieved 18 April 2011.
  16. "London Stock Exchange company profile". London Stock Exchange. Archived from the original on 11 July 2009. Retrieved 17 July 2009.
  17. Gupta, Rohit (6 December 2018). Reward and Donation Crowdfunding: A Complete Guide for Emerging Startups. Notion Press. ISBN   978-1-68466-089-6. Archived from the original on 1 August 2020. Retrieved 27 April 2020.
  18. "Consumerinfo.com Settles FTC Charges". Federal Trade Commission. Archived from the original on 6 June 2010. Retrieved 15 July 2010.
  19. Experian to cut 200 jobs Archived 30 January 2008 at the Wayback Machine Computer Weekly. Retrieved 3 March 2008.
  20. Experian Canada Archived 10 December 2016 at the Wayback Machine . Retrieved on 25 March 2009
  21. Koren, James Rufus (23 March 2017). "Credit bureau Experian fined $3 million over misleading credit scores". Los Angeles Times . Archived from the original on 25 March 2017. Retrieved 24 March 2017.
  22. "After acquiring Clarity Services, Experian launches alternative-data-driven solution". Auto Remarketing. 19 March 2018. Archived from the original on 6 March 2019. Retrieved 21 May 2020.
  23. "Experian buys Brazilian cyber security firm ClearSale in $350 million deal". Reuters. 4 October 2024.
  24. Sullivan, Bob (10 May 2005). "Many free credit reports still aren't free". NBC News. Archived from the original on 23 April 2013. Retrieved 29 October 2006.
  25. "Experian, Consumerinfo.com Named in Class Action Suit". ConsumerAffairs.com. Archived from the original on 2 November 2006. Retrieved 29 October 2006.
  26. "Tories identify eight groups of voters as Labour look to Obama campaign for inspiration: The sophisticated tools that rivals hope will win them 2015 election revealed". The Independent. London. 6 November 2013. Archived from the original on 4 November 2016. Retrieved 1 November 2016.
  27. "Vietnamese National Charged in Widespread International Scheme to Steal and Sell Hundreds of Thousands of U.s. Persons' Personally Identifiable Information". 18 October 2013. Archived from the original on 6 March 2016. Retrieved 25 March 2016.
  28. Schwartz, Mathew (21 October 2013). "Experian Sold Data To Vietnamese ID Theft Ring". InformationWeek . UBM Tech. Archived from the original on 21 October 2013. Retrieved 22 October 2013.
  29. Seltzer, Larry (21 October 2013). "Experian caught up in ID theft investigation". ZDNet . Archived from the original on 21 October 2013. Retrieved 22 October 2013.
  30. Masnick, Mike (21 October 2013). "How Experian Sold Consumer Data To Popular ID Theft Service". Techdirt . Floor64, Inc. Archived from the original on 21 October 2013. Retrieved 22 October 2013.
  31. Doctorow, Cory (21 October 2013). "Experian sold consumer data to identity thieves' service". Boing Boing . Archived from the original on 24 October 2013. Retrieved 22 October 2013.
  32. 1 2 Krebs, Brian (20 October 2013). "Experian Sold Consumer Data to ID Theft Service". krebsonsecurity.com. Archived from the original on 22 October 2013. Retrieved 22 October 2013.
  33. Thielman, Sam (2 October 2015). "Experian hack exposes 15 million people's personal information". The Guardian. London. Archived from the original on 1 February 2017. Retrieved 26 October 2015.
  34. "Experian Breach Affects 15 Million Consumers". Krebs on Security. 5 October 2015. Archived from the original on 16 September 2017. Retrieved 23 September 2017.
  35. "Experian Data Breach". SABRIC. Archived from the original on 31 October 2020. Retrieved 29 October 2020.
  36. Shange, Naledi (20 August 2020). "How Experian was duped into handing over data on 24 million South Africans". TimesLIVE. South Africa. Archived from the original on 31 October 2020. Retrieved 29 October 2020.
  37. Hosken, Graeme (13 September 2020). "Data from huge Experian breach found on the internet". The Sunday Times. South Africa. Archived from the original on 31 October 2020. Retrieved 29 October 2020.
  38. "The largest personal data leakage in Brazilian history". OpenDemocracy.net. Archived from the original on 24 February 2021. Retrieved 22 February 2021.
  39. "Experian Challenged Over Massive Data Leak in Brazil". ZDNET. Archived from the original on 22 February 2021. Retrieved 22 February 2021.
  40. Krebs, Brian. "Identity Thieves Bypassed Experian Security to View Credit Reports". Krebs on Security. Retrieved 16 November 2024.
  41. "A Guide to Building Secure Web Applications/Preventing Common Problems/Parameter Manipulation". CGIsecurity. Retrieved 16 November 2024.
This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.