Experian sells your data to marketers. Then sells you a subscription to see who bought your data. The same company profits from both sides of the transaction. In 2020, a researcher showed anyone could look up any American's credit score with just a name and address — no authentication needed. Experian sells identity theft protection. Experian is the identity theft vulnerability. 220 million Brazilians. 24 million South Africans. Experian doesn't just have breaches — it has country-scale breaches. The entire population of Brazil, exposed. The company that grades your creditworthiness cannot secure its own database. Your financial reputation is stored by a company that has leaked entire nations.
What they claim: Experian promotes credit monitoring to protect consumers from identity theft
What we found: Experian is simultaneously a credit bureau, a data broker, and an identity verification provider. The company sells consumer data to marketers, employers, landlords, and insurers — while also selling consumers a product to monitor who accesses their data. In 2020, a researcher demonstrated that Experian's API could be used to retrieve the credit score of any American by providing their name, address, and date of birth — with no authentication.
What they claim: Experian describes robust security measures protecting consumer data
What we found: In 2020, Experian South Africa suffered a breach affecting 24 million consumers and 793,749 businesses. In Brazil, Experian's subsidiary Serasa exposed data of 220 million Brazilians — essentially the entire population. Globally, Experian has been fined and sanctioned by regulators in the US, UK, South Africa, and Brazil for data security failures.