Consumer, Privacy Groups Urge Federal Regulators To Investigate T-Mobile/Experian Hack

A week after Experian revealed that hackers stole personal information for around 15 million consumers from a database of T-Mobile customers and applicants held by the credit reporting agency, a group of 25 consumer and privacy advocates are demanding that federal regulators open an investigation into the breach.

In a letter [PDF] to Consumer Financial Protection Bureau director Richard Cordray, and Federal Trade Commission chairwoman Edith Ramirez, the groups express their “grave concerns” raised by the “significant” hack.

“We believe this breach, occurring at one of the nationwide CRAs (Consumer Reporting Agencies), takes this problem to a whole new and dangerous level given the extraordinarily large amounts of critical financial information they hold,” the group, which includes U.S. PIRG, Consumer Federation of America, the National Consumer Law Center and our colleagues from Consumers Union, wrote. “We urge the CFPB and FTC to devote their fullest resources to addressing this issue.”

According to Experian, the breach included the name, address, Social Security number, date of birth, identification number (i.e., driver’s license, military ID, or passport number) and other information used in the credit assessment process for customers who applied for T-Mobile accounts after Sept. 1, 2013 and before Sept. 16, 2015.

So far, Experian says it has seen no evidence that the compromised data has been used, but that doesn’t mean it won’t be sold to scammy buyers eventually.

Additionally, the CRA maintains that the breached server belonged to an Experian “business completely separate from our credit bureau business.”

Still, because Experian is counted among the three nationwide CRAs, the group fears that the information of the more than 200 million consumers in the agency’s credit report files could be at risk.

“We believe that it is incumbent on the regulatory agencies to fully investigate this breach, including whether other Experian databases have been breached,” the letter states.

The group requested that the CFPB and FTC answer several questions regarding the breach, including whether a breach of the data constituted a consumer report under the Fair Credit Reporting Act, and whether the CFPB has the authority to require the nationwide CRAs to provide free security freezes to affected consumers.

Want more consumer news? Visit our parent organization, Consumer Reports, for the latest on scams, recalls, and other consumer issues.