US senators send letter to Experian and T-Mobile CEOs to inquire about data breach

The saga of Experian’s data breach involving sensitive information from consumers that had their credit checked by T-Mobile continues today, with multiple US senators getting involved.

US Senators Richard Blumenthal (D-Conn.), Bill Nelson (D-Fla.), and Brian Schatz (D-Hawaii) have sent a letter to Experian CEO Brian Cassin and T-Mobile CEO John Legere regarding Experian’s data breach. The senators are concerned because valuable data like Social Security numbers, which are hard to change, were taken by the malicious party responsible for the breach.

According to the senators, the Experian data breach “demonstrates the need for legislation that addresses both consumer notification and sets minimum security requirements for companies that collect and store such sensitive consumer data.” They go on to request that Experian explain their investigations and findings on how the malicious party gained access to the consumer data stored on Experian’s server.

In its FAQ explaining the data breach, Experian says that it’s investigating the breach and working with law enforcement to get to the bottom of the matter. We haven’t heard anything about the situation from Experian since, and so considering both that and the type of information that was stolen, it’s no surprise to see some US Senate members pushing for Experian to share more information. Neither Experian nor T-Mo have issued statements in response to this letter, but I’ll be sure to update you if they do.

As a reminder, if Experian has notified you to say that your information may have been a part of this data breach, you should sign up for the free identity protection services that are being offered. There are two options available, and you can click here to find out how to sign up.

The letter from the three US senators to Experian and T-Mobile is as follows:

Dear Mr. Legere / Mr. Cassin:

We write with regard to the recent reported data security breach at Experian, which may have exposed the names, address, birth dates and Social Security numbers of fifteen million T-Mobile customers. This news is extremely troubling to us given the sensitive nature of the compromised personal data, and its particular value to identity thieves.

Unlike bank account numbers, which can be deleted as soon as a bank identifies fraud, Social Security numbers are hard to change and are tied to tax forms, credit cards, mortgages, bank accounts, health insurance, and medical records. By learning someone’s Social Security number, a criminal can obtain credit cards in a victim’s name, wire money from a victim’s bank account, or even access tax and medical records. According to the Department of Justice, 64 percent of the 17.6 million victims of identity theft in 2014 experienced a direct financial loss resulting from personal information fraud. This is particularly distressing based on your companies’ reported breach, because victims of personal information fraud lost an average of $7,761 compared to victims of bank or credit card fraud who lost an average of $780.

The Senate Committee on Commerce, Science, and Transportation has jurisdiction over commercial online practices and data security, and, as Ranking Members of the full Committee, the Subcommittee on Consumer Protection, Product Safety, Insurance and Data Security, and the Subcommittee on Communications, Technology, Innovation and the Internet, we have been advocates for data security and breach notification legislation that would better protect consumers and improve corporate responsibility. Experian and T-Mobile’s recent incident demonstrates the need for legislation that addresses both consumer notification and sets minimum security requirements for companies that collect and store such sensitive consumer data.

We request that Experian’s information-security executives provide a detailed accounting to the Committee regarding your investigations and latest findings on the circumstances that permitted unauthorized access to the personal information of so many Americans. We expect that your security experts have had enough time to thoroughly examine the cause and impact of the breach and will be able to provide the Committee with detailed information.

Sincerely,

Thanks, Ira!

Source: Senator Richard Blumenthal

  • David Thoren

    Right, because if there’s one organization I trust less than Experian to protect my data, it’s Congress.

    • Verizonthunder

      Hmmmm.. funny I trust my elected officials. Senator for my state even stayed while everyone but her bailed on getting our country’s budget passed.

      • davidofmidnight

        Politics is funny in that most people like their own Congresspeople and Senators, who can do a lot for their constituents; but put all your elected officials in one room together, and they become idiots that most people hate.

        • Verizonthunder

          Except some politicians are for the people only to be outnumbered by a majority. Pay attention to your elected politician in your state. Happy with my state elected officials and kept their promise.

        • Rep Jones

          Was their promise to increase taxes and wasteful spending?

      • GoBD

        Same here. I would rather have the government in possession of my personal information. I don’t remember giving Experian or the other two bureaus permission to access my private information. They are after all, a private business and should have no authority to access my personal information unless I give it to them.

      • taxandspend

        Really? Even though they’re constantly being indicted?

    • BillSmitty

      +1000. Most names, addresses, and birth dates are already out there and all over the place. SS#’s are only slightly more “protected” and are used at banks, doctors, any financing offer, etc. It’s not as if this has been the only breach ever and the Federal govt ain’t that secure either. Sorry, but pure political grandstanding by these 3, IMHO.

      I’ve had my identity stolen and had automatic fraud alert protection for 7 years. It was only a slight inconvenience and almost only an issue with big purchases like a car where there was a short wait of a couple days at most to make sure I actually was the one that applied for whatever. Take the free credit monitoring for 2 years and smile.

      If u are not already monitoring all of your accounts on a weekly basis then you prob shouldn’t be using a computer, cellphone, credit card, etc anyway…go back underground.

  • It is important…

    The right thing to do, if not the responsible thing to do, that is, hold the CEOs accountable for the breach of data, especially my Social Security Number.

  • GinaDee

    In a perfect world T-Mobile and Experian would only use your SSN or other identifiable information to open/validate your credit worthiness then soon after destroy the data.

    However that is not common practice because T-Mobile (and every other company in America) wants to reserve the right to place a negative mark on your credit profile should you fail to pay them on time. For this reason they will not let go of that private information.

    Although the breach is on Experian…. T-Mobile still bears responsibility because of the information they request from consumers, the way they store it on their data centers, the way they transmit it to the credit bureau and the files they get put on with Experian. From what I understand T-Mobile files all of its customer data in only 2 or 3 files so it’s a much easier target for thieves who would rather not comb through thousands of encrypted files.

    • Golbez352

      Sadly I think my info has been stolen 4-5 times now. Could be a lot worse, like when everyone in South Carolina that had filed taxes in last 10 years or something got stolen a few years ago.

  • Dark enV

    Had two phones ordered on my account yesterday by someone pretending to be me so it seems clear that my information is compromised. Looks like they’ll be cancelled though thankfully.

  • guest123

    I think we should ask for a free option to freeze credit or put a fraud alert provided by Experian and maybe a better option than CSID, be it LifeLock or one of the top ten ID monitoring service providers.

    And from the government we should ask something like Credit Numbers to be used instead of SSNs. Where we can get a new number when a compromise happens.

    • thepanttherlady

      It doesn’t cost you a dime to put a fraud alert on your credit reports, however, I don’t advise it unless you truly are a victim of fraud. They are a pain in the ass to deal with, especially if you know you’re going to be seeking any type of credit in the near future.

      • guest123

        Thanks for your reply.
        I was doing a little research and yes the ‘fraud alert’ is free and lasts for 90 days, then you can renew it indefinitely, they say. I’m not sure if they will charge you for renewing or not, and that’s because they are calling this option ‘initial alert’.
        Now the ‘credit freeze’ really looks like a pain in the ***.
        I think I’m gonna do the ‘fraud alert’ and see how it works.

        • Bob

          A credit freeze is not difficult and the best option. Monitoring is worthless because by the time you are alerted, it’s too late.

          Unless you are applying for credit many times during the year a freeze is no big deal. In fact it helps keep people from signing up for the quick credit offers at stores. A freeze can be placed online and removed online (either for a set time period or a specific merchant). It takes 2 minutes.

        • Brian T Florey

          My biggest gripe with the freeze is it costs $10 to temporarily remove and you have to do it through all 3 bureaus unless you know which bureau your credit is being run through. That’s $30 every time you want to use your own, hard earned, credit for some company’s fuck up since they don’t cover the freezes just some worthless monitoring.

      • Chris

        Alert is different than Locking the credit file though.

        Alert just tells lender that when someone is opening an account that they contact the number you provided before continuing with it.

        Locking it – is when lenders can’t see your credit history and because it’s locked they won’t make a decision and therefore won’t give you a new line of credit. So you have to deal with them and unlock it.

        • thepanttherlady

          I know how it works, thanks!

        • KlausWillSeeYouNow

          Do you want an OnePlus 2 invite? I received one recently and will happily give them away. :-)

        • thepanttherlady

          Awwwww, thanks for the offer!!

          I received an invite back in the first go round but decided to pass. Unfortunately, it wouldn’t let me forward it on since it was linked to my email address and account. :/ I’m using the Moto X Pure right now and patiently waiting for additional news on the Sony Z5 Ultra.

          Thank you for thinking of me!!! :)

        • KlausWillSeeYouNow

          No problem :) Yeah, the Z5 looks neat and the X Pure looks good too. I am hoping OnePlus adds in VoLTE support for B12 like they said they would and Wi-Fi calling will come with Marshmallow, so it looks like a good device. (Just hoping it gets an update sooner than later.) :-/

  • brybry

    My wife was within the time period so they recommended that I sign her up for one of the services. Pretty ridiculous that it’s only for 2 years. What happens after 2 years. You’re pretty much SOL unless you pay to continue the service.

    • k

      put a security freeze. i did. sucks, but your data is now out there. no telling when it’ll show up in the future. basically, we’re screwed for the rest of our life.

      • Allen Alberto Enriquez

        true K,
        Maybe another country we are serial killers under a different name, however all the information is correct and our government prosecutes us for crime someone else did, Experian has made hell out of my life.

        • Ralphie Dumpster

          Is that English?

        • Allen Alberto Enriquez

          Nope, shitzney language i made my version up, just as madea says her own, i speak dyslexia! Not everyone is normal as you Ralphie Dumpster, peace out. People like you is the reason I didn’t go to school. Discriminating types come and go just as the dirt we stand on.

  • Mike

    Oh no…here we go again…Senators pretending to care…

    • Jules

      It beats working.

  • Tmo1082

    It’s funny that the U.S. government just got hacked and had to pull all of our Chinese spies because of it, but they turn around and get mad at companies. The U.S. government and U.S. companies need to work together share their technology to upgrade their systems to prevent this from happening. Unless you use cash only and have no online foot print someone has your info.

  • john

    class action for their negligence!

    • Worthless Politicians

      we’re from the government and we are here to help.

  • Bob

    WHY does T-Mobile keep getting pulled into this, Experian was hacked not t-mobile. Target was hacked, not visa and mastercard….. Experian is a credit agency with all account numbers, SSN, DL, Addresses, and DOB. Leave T-Mobile out of it!