Experian hit with class-action lawsuits over T-Mobile breach

Credit firm Experian is facing a number of class-action suits over the recent breach of its servers that affected 15 million T-Mobile customers.

“It is currently not possible to predict the scope and effect on the Group of these various regulatory and government investigations and legal actions, including their timing and scale,” the company said in its half-year financial results.


T-Mobile revealed earlier this month that hackers had compromised encrypted data at the vendor, which processes the telecom carrier’s credit applications, sometime between Sept. 1, 2013, and Sept. 16 of this year.

The stolen data includes Social Security numbers and other ID numbers, such as driver’s license or passport numbers.

Experian on Tuesday pegged the one-off costs of directly responding to the breach at $20 million.

The company did not specify how many lawsuits it faces, saying only that it had been hit with “a number” of class actions and is currently assisting regulators and government agencies in their investigations.

“In the event of unfavourable outcomes, the Group may benefit from applicable insurance recoveries,” the company said.

Senate Democrats have been putting pressure on Experian to provide more information on its handling of the breach.

Sens. Richard Blumenthal (D-Conn.), Bill NelsonClarence (Bill) William NelsonThe Hill's 12:30 Report - Presented by Facebook - Divided House on full display Florida Democrats mired in division, debt ahead of 2022 Centrist Democrats pose major problem for progressives MORE (D-Fla.) and Brian Schatz (D-Hawaii) — all leading Democrats on the Senate Commerce Committee — wrote both Experian and T-Mobile the week after the breach requesting information on how both firms were handling fallout from the hack.

The following week, Sen. Sherrod BrownSherrod Campbell BrownDemocrats: Minimum wage isn't the only issue facing parliamentarian Menendez reintroduces corporate diversity bill Former Ohio GOP chairwoman Jane Timken launches Senate bid MORE (D-Ohio) — the ranking member of the Senate Banking Committee — demanded that Experian provide details about how the company is protecting victims and shoring up its systems.

“Experian has files on more than 220 million people. Protection of this information is of the utmost importance, especially because the scope of the information is vast and virtually no consumer can apply for credit without entering your system,” Brown wrote in a letter to Experian CEO Brian Cassin.

The Commerce Committee has been considering a bill from Nelson that would set national data security requirements and require companies to notify customers of a data breach involving personal information within a set timeframe.

“Experian and T-Mobile’s recent incident demonstrates the need for legislation,” the letter said.

The committee’s bill mirrors a White House proposal setting out breach guidelines and joins a host of similar bills competing in the upper chamber.