Experian sold consumer data to popular ID theft service which posed as a U.S. based private investigator

Experian apparently sold a ton of consumer data to an ID theft services, Superget.info, run out of Vietnam by a guy named Hieu Minh Ngo. Ngo was just arrested, after a grand jury indictment, and the feds luring him out of Vietnam to Guam over a supposed business deal. However, more interesting is the background here, in which Ngo was apparently able to buy access to a ton of consumer data that originated from U.S. Info Search. How he got it, and Experian's involvement, was a bit complex.

Basically, U.S. Info Search had an information sharing deal with a company called Court Ventures -- who was purchased by Experian in early 2012. The deal between USIS and Court Ventures was that both parties could sell their data, but in both cases, they're supposed to only sell it to registered US businesses. Apparently Court Ventures wasn't all that careful about that requirement. It appears that Ngo convinced Court Ventures that he worked for a US-based private investigator, and that was enough for Court Ventures. Krebs spoke to the CEO of U.S. Info Search, Marc Martin, who provided more info, which he found out after hearing about all this from the Secret Service:

While the private investigator ruse may have gotten the fraudsters past Experian and/or CourtVentures’ screening process, according to Martin there were other signs that should have alerted Experian to potential fraud associated with the account. For example, Martin said the Secret Service told him that the alleged proprietor of Superget.info had paid Experian for his monthly data access charges using wire transfers sent from Singapore.  

“The issue in my mind was the fact that this went on for almost a year after Experian did their due diligence and purchased” Court Ventures, Martin said. “Why didn’t they question cash wires coming in every month? Experian portrays themselves as the databreach experts, and they sell identity theft protection services. How this could go on without them detecting it I don’t know. Our agreement with them was that our information was to be used for fraud prevention and ID verification, and was only to be sold to licensed and credentialed U.S. businesses, not to someone overseas.” 

Krebs's investigations raise troubling questions about the security of the world's biggest data brokers who know some of the most intimate private details on hundreds of millions of people. If these services are so vulnerable to fraud and hacking, can they really be trusted by consumers to prevent identity theft?
http://www.techdirt.com/articles/20131021/10565524945/how-experian-sold-consumer-data-to-popular-id-theft-service.shtml

http://krebsonsecurity.com/2013/10/experian-sold-consumer-data-to-id-theft-service/
http://arstechnica.com/security/2013/10/can-we-trust-the-data-brokers-who-store-our-most-intimate-private-details/