Dear Visitor,

Our system has found that you are using an ad-blocking browser add-on.

We just wanted to let you know that our site content is, of course, available to you absolutely free of charge.

Our ads are the only way we have to be able to bring you the latest high-quality content, which is written by professional journalists, with the help of editors, graphic designers, and our site production and I.T. staff, as well as many other talented people who work around the clock for this site.

So, we ask you to add this site to your Ad Blocker’s "white list" or to simply disable your Ad Blocker while visiting this site.

Continue on this site freely
You are here: Home / Customer Data / Feds Pushed To Probe Experian Hack
Privacy Advocates Push Feds To Investigate T-Mobile, Experian Breach
Privacy Advocates Push Feds To Investigate T-Mobile, Experian Breach
By Jef Cozza / CRM Daily Like this on Facebook Tweet this Link thison Linkedin Link this on Google Plus
Last week’s hack against Experian, which exposed details on millions of T-Mobile customers, has privacy advocates up in arms. Dozens of consumer advocate groups and privacy organizations signed an open letter to the Federal Trade Commission (FTC) and Consumer Financial Protection Bureau (CFPB) urging them to launch an investigation into the breach.

“We believe this breach, occurring at one of the nationwide CRAs [consumer reporting agencies], takes this problem to a whole new and dangerous level given the extraordinarily large amounts of critical financial information they hold,” according to the letter. “Identity thieves could play havoc of an unimaginably huge scale with access to such data, with potentially devastating consequences to consumers, financial institutions, and the American economy.”

A Terrifying and Unmitigated Disaster

The breach first made news last week, when Experian announced that a hacker of hackers had stolen the records of 15 million customers and potential customers who had applied for T-Mobile services or credit from September 2013 through September 2015. Among the information were names, dates of birth, addresses, and Social Security numbers, although no payment card or banking information was stolen, according to Experian.

The groups, led by the U.S. Public Interest Research Group, have requested that the agencies investigate both the reported breach and whether any other Experian databases might have been compromised. Experian is one of only three nationwide CRAs, and holds data on more than 200 million individuals. “A data security breach that affected Experian’s credit report files would be a terrifying and unmitigated disaster,” the advocates said.

For its part, Experian is claiming that the breach only affected one server that is kept separate from its credit bureau business, and that the consumer credit database was not impacted. But the information that was stolen could still be considered protected personal information under the Gramm-Leach-Bliley Act, according to the privacy groups.

Unanswered Questions

The letter called on the FTC and CFPB to investigate a number of different issues. In particular, the advocates want to know if Experian violated the data safeguard rules listed in Gramm-Leach-Bliley. This law requires that financial institutions explain their information-sharing practices to their customers and to safeguard sensitive data.

Another unanswered question is how Experian handles information from its partners, such as T-Mobile, differently from information contained in its credit report database. And if there are differences, why did Experian employ one set of safeguards for its credit bureau business and a different one for the T-Mobile customers? If there aren’t any differences, that could indicate that Experian’s other clients could be just as vulnerable to this sort of attack in the future, according to the privacy groups.

The privacy advocates also want to find out exactly what the CFPB is doing to regulate CRAs like Experian. CFPB is required to supervise CRAs as “larger participants.” The groups also encouraged CFPB and the FTC to require CRAs to provide free security freezes to customers affected by data breaches in the future.

Image credit: Experian/Apple; iStock/Artist's concept.

Tell Us What You Think


Like Us on FacebookFollow Us on Twitter

Over the past decade, hospitals have been busy upgrading their systems from paper to electronic health records. Unfortunately, spending so much on EHR may have left insufficient funds for security.
The British government officially blamed Russia for waging the so-called NotPetya cyberattack that infected computers across Ukraine before spreading to systems in the U.S. and beyond.
© Copyright 2018 NewsFactor Network. All rights reserved. Member of Accuserve Ad Network.