Experian facing several class action lawsuits as a result of T-Mobile data breach

experianlogo

We haven’t heard much about Experian since the days following the data breach that saw the records of 15 million people that applied for T-Mobile service get compromised. That’s changing today, though, because Experian has revealed that it’s become the target of “a number” of class action lawsuits related to the data breach.

Experian went on to say that it’s still working to investigate the breach, which happened on September 15. It’s also reiterated that the payment and bank information of consumers were accessed in the breach. When news of the incident first emerged, Experian said that consumer names, addresses, Social Security numbers, dates of birth, and ID numbers were accessed by the attackers.

While it’s good that no banking or payment information was accessed during the Experian breach, details like a person’s Social Security number and date of birth are pretty important, too. And while Experian hasn’t gone into detail on the extent of the cases being brought against it, with so many people affected by the September data breach, it’s no surprise to learn that there are multiple class actions targeting the company.

Via: Reuters
Source: Experian

Tags: ,

  • SP_Jon_M3

    Was customer baking info accessed in the breach or not?

    “It’s also reiterated that the payment and bank information of consumers were accessed in the breach”

    “While it’s good that no banking or payment information was accessed during the Experian breach,”

    • yankeesusa

      Lol, I noticed the same thing.

    • Rupesh

      It’s better to assume that customer info was accessed – In the initial days it was let know that SSN, DoB and the important details were breached including the encryption mechanism itself. Better to take precautions. Even if you think you might not be affected, sign up for their 2 years service (protect my id) or take the Transunion offer instead. But this is an effing mess created by them. IMO, Experian should not wait for anyone to report that their identity has been compromised and instead take pro-active actions to ensure that no one comes forward with a report.

  • steven berson

    I want to jump on this lawsuit!

    • ragumaster

      Edit :I want to JUMP on this lawsuit.

      • Nick Ramacciato

        Edit: I want to JUMP! on this lawsuit.

  • Steven

    Man this new guy is FULL of typos isn’t he. Don’t get me wrong, I screw up grammar and spelling all the time. But when its your job??? Shouldn’t you be a little more careful and proof read? At least adhere to the red and green squiggles that tell you something isn’t right.

    • JG

      Agreed.

  • GrammarPolicelol

    Hey Alex, was payment and bank information breached or not? You suck so bad at typing, I couldn’t tell. Can you please fix our article or maybe let somebody else write your articles? I’m not perfect in my spelling or other aspects of writing, however, it isn’t what I do for a living.

    • Chris

      “While it’s good that no banking or payment information was accessed during the Experian breach, details like a person’s Social Security number and date of birth are pretty important, too.”

      Pretty clear to me. Maybe you should learn to read?

      • derk p

        when taken with the sentence above it, it makes no sense

        Experian went on to say that it’s still working to investigate the breach, which happened on September 15. It’s also reiterated that the payment and bank information of consumers were accessed in the

      • If he couldn’t read, he would have missed the part where it said:

        “It’s also reiterated that the payment and bank information of consumers were accessed in the breach.”

  • Alex, you might want to correct that second paragraph where you said “It’s also reiterated that the payment and bank information of consumers were accessed in the breach”… not to be the grammar police but that’s a fairly important issue that may alert people a bit too much…

  • gg555

    “While it’s good that no banking or payment information was accessed during the Experian breach, details like a person’s Social Security number and date of birth are pretty important, too.”

    Seriously? I am tired of journalists giving Experian more or less of a pass on how bad this is. Maybe they just don’t get it.

    Having your Social Security number and date of birth stolen, along with your name and address, if far worse than having your credit card number or bank account number stolen.

    Credit Card numbers can be changed and this is routine with lost or stolen cards. Even a new bank account can be opened, to change the number, if necessary.

    Not only can you not change your Social Security number and date of birth, nor easily change your name or address, but this information can be used to open credit accounts in your name, get mortgages, get false passports and forms of identification. That’s what real identity theft looks like. It can ruin your life. Someone else can run around pretending to be you, ruin your credit rating, and have debt collectors coming after you for things you never did. They can get arrested and have you end up having a record or further warrants out for you arrest. Maybe you’ll even end up on a no fly list. And I promise you, when you try to get this stuff expunged from your credit history or judicial history, companies like Experian and the courts are not nice about it and will do everything to refuse to believe you. It will take lawyers and tens of thousands of dollars and years of your life to fix, if you ever really manage to do it.

    What happened at Experian is so far worse than what happned at Target or Home Depot. They’re just asking like it’s not as big of a deal. Why? Because with Social Security numbers, etc., the cost of any fraud will fall entirely on the indivual. With Credit Card numbers and bank account numbers the banks will end up eating the fraud.

    Get this right TmoNews. Banking and payment information are trivial. What was stolen from Experian not only can be will lead to destroyed lives (the information has already been seen for sale on darkweb black markets).

    • steveb944

      Glad to see someone understands the severity of this.

      • FaradayCage

        As a security professional and privacy advocate, it’s completely unacceptable that the company who permitted the breach has been further retained to provide credit monitoring. I realize it’s not really T-Mo’s fault, but this is an area they could have improved their response for. I am a loyal T-Mo customer going back to Aerial Communication days.

        Given the amount of information a person could input into these Credit Monitoring services (name/address/bdate/ssn, you can also add credit cards, DL numbers, passports, and the like), It’s only a matter of time until there is a breach to these services and we’ll be completely out of luck.

        Herd together folks, it’ll make picking us off easier.

    • Noremacam

      Agreed. I’d like to add that any identity protection service given thus far is just for 2 years. So any thief will see this and wait 2 years before abusing people’s identity’s and credit. So it’s effectively worthless.

      • gg555

        It’s worse than that. The identity protection services are worthless. No need to wait two years, they won’t stop a thief from abusing your credit now.

        Krebs on Security has a good article about why these services are worthless:

        http://krebsonsecurity.com/2014/03/are-credit-monitoring-services-worth-it/

        There’s no harm in them, if you can get them for free, but basically they just let you know after the fact if something bad has happened. They do nothing to actually stop the activities of identity theft from happening in the first place. It would be like having a burglar alarm service that did not sound when your house was broken into, but just let you know after the fact that it happened.

        Basically, companies give these services away for free when some hack happens, so they can pretend like they’ve done something.

        The only really worthwhile thing you can do is to put a security freeze on your credit history at the three major credit reporting agencies (Transunion, Experian, and Equifax), plus at new one called Innovis. Then it will not be possible for anyone to open a new credit line in your name. Even you will be blocked, until you lift the freeze (which can be done temporarily).

        The freeze it a hassle and some companies charge a fee for placing and lifting the freeze. But it is really worth it. Trust me, if someone opens a credit account in your name, it will take months and months to undo it, if ever.

        Everyone should do the security freeze, whether they were the vicitim of a specific hack or not.

        Krebs in fact claims that everyone should assume that their information has already been stolen, even if they are not affected by a known hack. They say these hacks are so common now and often they’re not detected until long after the fact, even years later. So anyone could easily already be affected and just not know it yet.

  • shack

    How do I get in on This lawsuit