When Target lost data on some 110 million customers, it recommended them to credit bureau Experian for “identity theft protection,” offering to cover the cost for a year.

Think you’re in better hands? Think again.

Sometime before the Target (TGT) hack, Experian had its own data leak — via a subsidiary. That data leak got plugged before Target sent victims to Experian. But it shows that even those entrusted with our most sensitive data don’t know how to protect it.

Experian unknowingly sold the personal data of millions of Americans — including Social Security numbers — to a fraudster in Vietnam. That guy then sold the personal information to identity thieves around the globe.

It wasn’t until U.S. Secret Service agents alerted Experian that the company stopped.

Hieu Minh Ngo, now 25, was caught and admitted to posing as a private investigator in Singapore to get exclusive access to data via Court Ventures, an Experian subsidiary. Ngo then sold access to fellow criminals.

Read more