Twenty-five consumer groups urged the Federal Trade Commission and Consumer Financial Protection Bureau on Thursday to open an investigation into the recent Experian hack that exposed the personal information of nearly 15 million individuals.
In a letter sent to FTC Chairwoman Edith Ramirez and CFPB Director Richard Cordray, the groups – including The Center for Economic Justice, Consumer Action, the Consumer Federation of America, Consumer Watchdog, National Association of Consumer Advocates National Consumer Law Canter and PIRG groups from a number of different states – expressed “grave concerns” about the recent Experian breach of T-Mobile customer information and asked the government bodies to address six questions related to the hack.
“We believe that it is incumbent on the regulatory agencies to fully investigate this breach, including whether other Experian databases have been breached,” the letter reads. “As you know, Experian is one of the three nationwide consumer reporting agencies (CRAs), each holding data on over 200 million consumers. A data security breach that affected Experian’s credit report files would be a terrifying and unmitigated disaster.”
Among the questions the consumer groups want answered are details about whether the exposure violated the data safeguard rules under the Gramm-Leach-Bliley Act, what kind of data security standards the CFPB is requiring for nationwide CRAs, whether there were any differences in security measures that allowed the hackers access to the information of T-Mobile customers but not the main credit report files and, if so, why those security measures weren’t used on the T-Mobile server.
In announcing the cyber attack last week, Experian and T-Mobile acknowledged that the names, addresses, Social Security numbers, dates of birth and identification numbers (such as a driver’s license, military ID or passport number) of millions of T-Mobile customers were exposed to the hackers. Shortly after the hack, reports indicated that the stolen personal data had appeared for sale on the Dark Web.
“The undersigned organizations have worked on security breach issues for decades,” the letter continues. “We believe this breach, occurring at one of the nationwide (consumer reporting agencies), takes this problem to a whole new and dangerous level given the extraordinarily large amounts of critical financial information they hold. Identity thieves could play havoc of an unimaginably huge scale with access to such data, with potentially devastating consequences to consumers, financial institutions, and the American economy. We urge the CFPB and FTC to devote their fullest resources to addressing this issue.”
The letter followed news earlier this week that at least five lawsuits seeking class-action status had been filed against T-Mobile and Experian in federal court for negligence and violations of consumer protection laws. A sixth lawsuit names only Experian.
