Massachusetts Attorney General Maura Healey (now governor-elect) this week announced a one-two punch: Experian will pay $13.6 million in a multistate lawsuit settlement over its infamous data breaches in 2012 and 2015, which compromised personal information of millions of consumers nationwide; and T-Mobile will hand over $2.5 million for its customers who were affected by the 2015 breach at the credit-monitoring provider.
Some 15 million T-Mobile customer credit applications were exposed in the 2015 attack on Experian, which handled the processing of the mobile carrier’s customer credit applications. Social Security numbers, birthdates, drivers’ licenses, and passport information were among the exposed consumer data.
In addition to the settlement fees, both Experian and T-Mobile committed to taking steps to better secure data. Experian also must provide five years of free credit monitoring to people whose data was exposed — on top of the free services that had previously been provided to victims. T-Mobile also agreed to tighten up vendor oversight.
AG Healey helped lead the investigation into the 2012 data breach, working with attorneys general in Connecticut, Illinois, Indiana, Maryland, New Jersey, North Carolina, Texas, and Vermont, and also worked on the 2015 breach investigation, headed up by the attorneys general of Connecticut, Illinois, Maryland, Texas, and Washington, DC.
Keep up with the latest cybersecurity threats, newly-discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.