Experian says investigating if involved in Brazil data breach

(Reuters) - Credit data firm Experian said on Monday it was continuing to investigate whether the personal data of millions of people in Brazil that was found to be illegally offered for sale online could be connected with its Brazilian business Serasa.

UK-listed Experian, the world’s largest credit data group, said so far it had found that the data offered for sale included photographs, social security details, vehicle registrations and social media login details, which Serasa does not collect or hold.

“In spite of exhaustive investigations to date there is no

evidence that our technology systems have been compromised,” the company said.

Premarket indicators pegged a 2% fall for its shares at market open.

Local news reports in Brazil said cybersecurity researchers discovered in January that the personal data of more than 200 million people may have been leaked and offered for sale online, but it is not clear where the data came from.

The news of the breach comes less than a year after Brazilian health insurer Hapvida said it suffered a cyber attack potentially involving access to the personal information of its customers.

São Paulo-based plane manufacturer Embraer said last December that it had been targeted by hackers, who obtained the disclosure of data allegedly attributed to the company.

Experian, however, said there was no evidence that positive or negative credit data had been illegally obtained from Serasa.

Equifax Inc, the U.S.-listed rival to Experian, announced the largest-ever settlement for a data breach in 2019, agreeing to pay up to $700 million to settle claims it broke the law during a massive 2017 breach of data relating to customers in the U.S., Britain and Canada and to repay harmed consumers.

Reporting by Muvija M in Bengaluru; Editing by Rachel Armstrong