- T-Mobile CEO Legere `incredibly angry' over hack at Experian
- Experian said no banking information was stolen in attack
T-Mobile US Inc. and a unit of credit-tracking firm Experian Plc are facing a growing list of lawsuits after hackers gained access to personal data on 15 million T-Mobile customers held on Experian servers.
The hack, revealed Oct. 1, exposed millions of Americans to potential identity theft, forcing customers and applicants to take costly actions to protect themselves from fraud, according to complaints filed as soon as a day later. By Wednesday, at least five such lawsuits were under way against T-Mobile and Experian, all seeking class-action status to represent everyone affected by the breach. A sixth lawsuit named only Experian.
Companies and government agencies have been stepping up protection efforts as hackers target troves of personal data that can be sold on the black market and used to carry out financial crimes. Even the most experienced and seemingly protective entities appear vulnerable.
“What makes the most recent breach so ironic is that Experian holds itself out as an expert in the field of data protection, touting its revenues in this area in the amount of $4 billion annually,” one of the plaintiffs said in a complaint.
Experian Information Solutions Inc., the U.S. unit of London-based Experian, held the data on its servers to perform credit checks on current and potential T-Mobile customers. The hackers stole names, addresses and Social Security numbers, T-Mobile said. People who submitted credit applications from Sept. 1, 2013, to Sept. 16, 2015, were affected.
The plaintiffs, who accuse the companies of negligence and violations of consumer protection laws, claim the stolen data is already appearing for sale in corners of the Internet known as the dark web, according to one of the complaints.
“Obviously I am incredibly angry about this data breach and we will institute a thorough review of our relationship with Experian, but right now my top concern and first focus is assisting any and all consumers affected,” John Legere, T-Mobile’s chief executive officer, wrote earlier in a letter to consumers.
California Attorney General Kamala Harris on Monday issued a statement urging the state’s T-Mobile customers and applicants to immediately place fraud alerts on their credit records or pay for security freezes.
The lawsuits were filed in federal courts in Chicago; Fort Lauderdale, Florida; and Santa Ana, California.
Gerry Tschopp, a spokesman for Experian in the U.S., didn’t return a call seeking comment on the complaints. Timothy O’Regan, a spokesman for Bellevue, Washington-based T-Mobile, a unit of Deutsche Telekom AG, didn’t respond to a message.
Other companies victimized by hackers in recent years include JPMorgan Chase & Co., Home Depot Inc., Sony Corp. and Target Corp. Target won court approval in March of a class-action settlement with more than 100 million people. Target’s $10 million accord included awards to individual customers of as much as $10,000 each.