US states of Iowa and North Carolina have joined other states studying a subsidiary of consumer credit history provider Experian Plc, over a data breach that exposed the social security numbers of about 200 million US citizens to potential criminal activity, according to a Reuters report.
Iowa and North Carolina were joining Illinois and Connecticut, who already announced investigations into the matter.Bill Brauch, director of the consumer protection division of the Iowa attorney general's office, confirmed that his state had joined the multistate probe.
In the probe, the states will examine whether companies took necessary steps to protect private data, whether they notified victims in a timely manner and whether they took any preventive measures after the breach.
Meanwhile, a spokeswoman for North Carolina's Attorney General, Roy Cooper, that he was gathering more information about the data breach. However, Cooper's office had not begun a formal probe. The news agency added that Experian is facing open rebuke due to its inability to notify people whose social security numbers were compromised in the data breach.
"It's troubling that Experian would wait three months after testifying, only to change their story, all while victims who had their identities stolen remain at risk as a result of this crime," McCaskill told Reuters via email.
In March, a Vietnamese man pleaded guilty in the New Hampshire federal court to managing an underground website that offered personal data of Americans including social security numbers. The data could be used for identity theft and other criminal activities reported by NBC News.
The man named Hieu Minh Ngo obtained some of the data through a US firm known as Court Ventures, which was bought by Experian in March 2012. The firm also has a data-share agreement with a firm known as U.S. Info Search to provide clients with access to a database of social security numbers of around 200 million Americans.