DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

The complaint to FTC about Experian that accomplished… what?

Posted on October 1, 2015 by Dissent

Today, Experian disclosed another data breach. This one affected 15 million customers of T-Mobile USA, for whom Experian hosts consumer data used for credit checks for new accounts.

In tweeting my frustration about this latest incident, @emptywheel suggested I post the complaint I filed with the FTC about Experian in 2012. After some thought, I’ve decided to do just that.

As background: in April 2012, this blogger filed a complaint with the FTC about two patterns of data breaches reported by Experian. One type of breach involved their clients’ login credentials being misused to access their credit report database(s). The other type of breach involved people being able to authenticate as consumers and access the credit reports for those consumers.

At the time I filed the complaint, I was aware of 72 data breaches reported by Experian to state attorneys general in the handful of states that had centralized breach reporting.  Of those 72 reported breaches, 62 involved misuse of client login credentials. Jordan Robertson of Bloomberg also subsequently reported on the breaches.

Since April 2012, I have continued to update the FTC by e-mail as more breaches have been reported (and cf, this post). As of my last update to the FTC, there were now reports by Experian of 109 data breaches where clients’ login credentials were misused, plus additional breaches where unknown individuals were able to authenticate as consumers to access their credit reports.

And that doesn’t include the Court Ventures mess, which also involved Experian.

So if you’re a T-Mobile USA customer who’s ticked off at Experian over this newest data breach, maybe you should join me in asking the FTC what, exactly, they’ve done with respect to Experian and enforcing data security to protect consumers. They certainly can’t claim they didn’t know and weren’t warned that there were concerns, because here’s the complaint (pdf) they received in April, 2012.

Category: Business SectorCommentaries and AnalysesHackOf NoteU.S.

Post navigation

← Experian’s servers hacked; 15 million T-Mobile USA customers affected (UPDATED)
American Bankers Association notifies 6,400 to reset passwords after hack and data dump →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • AT&T gets preliminary approval for $177 million data breach settlement
  • Aflac notifies SEC of breach suspected to be work of Scattered Spider
  • Former JBLM soldier pleads guilty to attempting to share military secrets with China
  • No, the 16 billion credentials leak is not a new data breach — a wake-up call about fake news (Updated)
  • Tonga’s health system hit by cyberattack (1)
  • Russia Expert Falls Prey to Elite Hackers Disguised as US Officials
  • Proposed class action settlement in In re Netgain Technology litigation
  • Qilin Offers “Call a lawyer” Button For Affiliates Attempting To Extort Ransoms From Victims Who Won’t Pay
  • Ireland’s Data Protection Commission publishes 2024 Annual Report
  • The headlines suggested Freedman Healthcare suffered a ransomware attack that affected patient data. The reality was quite different.

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • The Markup caught 4 more states sharing personal health data with Big Tech
  • Privacy in the Big Sky State: Montana’s Consumer Privacy Law Gets Amended
  • UK Passes Data Use and Access Regulation Bill
  • Officials defend Liberal bill that would force hospitals, banks, hotels to hand over data
  • US Judge Invalidates Biden Rule Protecting Privacy for Abortions
  • DOJ’s Data Security Program: Key Compliance Considerations for Impacted Entities
  • 23andMe fined £2.31 million for failing to protect UK users’ genetic data

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.