Three Senate Democrats are seeking answers from credit agency Experian about the recent data breach that exposed up to 15 million T-Mobile customers.
Sens. Richard BlumenthalRichard BlumenthalOvernight Tech: AT&T, Time Warner CEOs defend merger before Congress | More tech execs join Trump team | Republican details path to undoing net neutrality Overnight Energy: Trump taps EPA foe to head agency | Energy reform bill officially dead CNN’s parent company promises to defend journalistic independence MORE (D-Conn.), Bill NelsonBill NelsonSenate clears water bill with Flint aid, drought relief House passes water bill with Flint aid, drought relief Fight over water bill heats up in Senate MORE (D-Fla.) and Brian Schatz (D-Hawaii) — all leading Democrats on the Senate Commerce Committee — wrote the two companies Wednesday, requesting information on how both firms were handling fallout from the hack.
“This news is extremely troubling to us given the sensitive nature of the compromised personal data, and its particular value to identity thieves,” the senators said in the letter sent Wednesday to T-Mobile CEO John Legere and Experian CEO Brian Cassin.
“Unlike bank account numbers, which can be deleted as soon as a bank identifies fraud, Social Security numbers are hard to change and are tied to tax forms, credit cards, mortgages, bank accounts, health insurance, and medical records,” they continued. “By learning someone’s Social Security number, a criminal can obtain credit cards in a victim’s name, wire money from a victim’s bank account, or even access tax and medical records.”
All three senators behind the letter hold leadership positions on the Commerce Committee. Nelson is the top Democrat of the overall panel, Blumenthal the ranking member of consumer protection subcommittee and Schatz the top Democrat on communications and Internet subcommittee.
The committee has been considering a bill from Nelson that would set national data security requirements and require companies to notify customers of a data breach involving personal information within a set timeframe.
The Experian breach is just the latest in a slew of hacks that have rattled the private sector. Mega data breaches at Target, Home Depot, JPMorgan Chase and others have exposed hundreds of millions of Americans’ personal data.
“Experian and T-Mobile’s recent incident demonstrates the need for legislation,” the letter said.
Nelson's bill mirrors a White House proposal on the subject, which would require breached companies to notify customers their information had been exposed within 30 days of discovering an intrusion. The measure would also establish minimum security guidelines for companies handling sensitive data.
But at least four other similar, yet competing, data breach bills are also circulating the upper chamber. Lawmakers have yet to figure whether to throw support behind one offering, or to combine their efforts.