Customer privacy groups are calling for the US Federal Trade Commission to investigate the breach at the credit agency and data broker Experian.
In a letter from the US Public Interest Research group, co-signed by 25 different data security and consumer advocacy organisations, the groups questioned the safety of customer information held by Experian after its recent hack.
Experian has stated that the hack was at a subsidiary identified by the company as ‘Decisioning Solutions’ which it acquired in 2013. However, at least five different groups of litigants are seeking class action suits – some against Experian and others against T-Mobile.
“We believe that it is incumbent on the regulatory agencies to fully investigate this breach, including whether other Experian databases have been breached,” wrote the signatories.
“As you know, Experian is one of the three nationwide consumer reporting agencies (CRAs), each holding data on over 200 million consumers. A data security breach that affected Experian’s credit report files would be a terrifying and unmitigated disaster.”
Now what Experian does to safeguard its information and how it differs from the company’s credit report databases is under the microscope. “What are the differences in security measures that would allow hackers to access the information of T-Mobile customers but not the main credit report files?” asked the PIRG letter.
“If there are differences, why weren’t the security measures used for the T-Mobile server? If there are no such differences, doesn’t this raise the troubling possibility that the servers holding highly sensitive credit and personal information of over 200 million Americans is vulnerable to a data hack by identity thieves?”
An Experian spokesman said: “Experian understands the concerns raised and we are prepared to respond promptly to requests from regulatory agencies for more details about the incident. Security is a top priority for the company, and Experian is committed to continuous investments in upgrading talent, processes, and technologies needed to protect our systems. Specifically, we made incremental investments of tens of millions of dollars in the last three years alone to strengthen our security positions.”