The saga of Experian’s data breach involving sensitive information from consumers that had their credit checked by T-Mobile continues today, with multiple US senators getting involved.
US Senators Richard Blumenthal (D-Conn.), Bill Nelson (D-Fla.), and Brian Schatz (D-Hawaii) have sent a letter to Experian CEO Brian Cassin and T-Mobile CEO John Legere regarding Experian’s data breach. The senators are concerned because valuable data like Social Security numbers, which are hard to change, were taken by the malicious party responsible for the breach.
According to the senators, the Experian data breach “demonstrates the need for legislation that addresses both consumer notification and sets minimum security requirements for companies that collect and store such sensitive consumer data.” They go on to request that Experian explain their investigations and findings on how the malicious part gained access to the consumer data stored on Experian’s server.
In its FAQ explaining the data breach, Experian says that it’s investigating the breach and working with law enforcement to get to the bottom of the matter. We haven’t heard anything about the situation from Experian since, and so considering both that and the type of information that was stolen, it’s no surprise to see some US Senate members pushing for Experian to share more information. Neither Experian nor T-Mo have issued statements in response to this letter, but I’ll be sure to update you if they do.
As a reminder, if Experian has notified you to say that your information may have been a part of this data breach, you should sign up for the free identity protection services that are being offered. There are two options available, and you can click here to find out how to sign up.
The letter from the three US senators to Experian and T-Mobile is as follows:
Dear Mr. Legere / Mr. Cassin:
We write with regard to the recent reported data security breach at Experian, which may have exposed the names, address, birth dates and Social Security numbers of fifteen million T-Mobile customers. This news is extremely troubling to us given the sensitive nature of the compromised personal data, and its particular value to identity thieves.
Unlike bank account numbers, which can be deleted as soon as a bank identifies fraud, Social Security numbers are hard to change and are tied to tax forms, credit cards, mortgages, bank accounts, health insurance, and medical records. By learning someone’s Social Security number, a criminal can obtain credit cards in a victim’s name, wire money from a victim’s bank account, or even access tax and medical records. According to the Department of Justice, 64 percent of the 17.6 million victims of identity theft in 2014 experienced a direct financial loss resulting from personal information fraud. This is particularly distressing based on your companies’ reported breach, because victims of personal information fraud lost an average of $7,761 compared to victims of bank or credit card fraud who lost an average of $780.
The Senate Committee on Commerce, Science, and Transportation has jurisdiction over commercial online practices and data security, and, as Ranking Members of the full Committee, the Subcommittee on Consumer Protection, Product Safety, Insurance and Data Security, and the Subcommittee on Communications, Technology, Innovation and the Internet, we have been advocates for data security and breach notification legislation that would better protect consumers and improve corporate responsibility. Experian and T-Mobile’s recent incident demonstrates the need for legislation that addresses both consumer notification and sets minimum security requirements for companies that collect and store such sensitive consumer data.
We request that Experian’s information-security executives provide a detailed accounting to the Committee regarding your investigations and latest findings on the circumstances that permitted unauthorized access to the personal information of so many Americans. We expect that your security experts have had enough time to thoroughly examine the cause and impact of the breach and will be able to provide the Committee with detailed information.
Source: Senator Richard Blumenthal