Michigan Joins Combined $16 Million Multistate Settlements Over 2012 and 2015 Experian Data Breaches; Experian and T-Mobile Agree to Improve Data Protection Practices

LANSING – Michigan Attorney General Dana Nessel announced today that Michigan, along with a coalition of other attorneys general, has reached two multi-state settlements with Experian related to data breaches that occurred in 2012 and 2015 and compromised the personal information of millions of consumers nationwide. The coalition also reached a separate settlement with T-Mobile over a 2015 practice violation that affected more than 15 million people who applied for credit with T-Mobile. Under the settlements, the companies agreed to improve data protection practices and pay more than $16 million to the states. Michigan receives a total of $359,896 from the settlements.

“When consumers do business with a company, they can trust that their personal information will only be used for legitimate purposes,” Nessel said. “Data thieves are relentless when it comes to stealing personal information and using it for malicious purposes. Companies must be relentless in protecting their data. These settlements are steps in the right direction toward holding companies accountable for keeping consumer data safe and secure.”

In September 2015, Experian, one of the big three credit reporting bureaus, reported that it experienced a data breach in which an unauthorized actor accessed part of Experian’s network that stores personal information on behalf of its client, T-Mobile. The breach involved information related to customers who applied for T-Mobile’s after-sales services and device financing between September 2013 and September 2015, including names, addresses, dates of birth, Social Security numbers, identification numbers (such as driver’s license and passport numbers), and related information used in T-Mobile’s own credit evaluations. The number of Michigan residents affected by the breach in 2015 was 330,892. Neither Experian’s consumer credit database nor T-Mobile’s own systems were compromised in the breach.

The 40-state, multi-state group received separate settlements from Experian and T-Mobile in connection with the 2015 data breach. Under a $12.67 million settlement, Experian has agreed to strengthen its due diligence and data protection practices going forward. These include:

  • Prohibition of misrepresentations to its customers about the extent to which Experian protects the privacy and security of personal information;
  • Implementation of a comprehensive program of information security, which includes the principles of trustworthiness, regular reporting at the executive level and professional development of employees;
  • Due diligence rules requiring the company to properly vet acquisitions and assess data security concerns before integration;
  • Data reduction and disposal requirements, including specific efforts to reduce the use of Social Security numbers as identifiers; and
  • Specific security requirements, including those related to encryption, segmentation, patch management, intrusion detection, firewalls, access control, logging and monitoring, penetration testing, and risk assessment.

The settlement also requires Experian to provide 5 years of free credit monitoring services to affected customers, as well as two free copies of their credit reports each year during this time period. This is in addition to the four years of credit monitoring services offered to affected consumers, two of which were provided by Experian after the breach and two of which were provided through a separate class action settlement in 2019. The deadline to register for these early offers has passed.

If you are a class member in the 2019 class action settlement, you can sign up for these enhanced credit monitoring services. Affected consumers can sign up for 5 years of extended credit monitoring services and find more information about eligibility here. The registration window will be open for 6 months. Experian Information Solutions billing terms can be found here.

In a separate $2.43 million settlement, T-Mobile agreed to detailed supplier management rules designed to strengthen supplier oversight going forward. These include:

  • Implementation of a supplier risk management program;
  • Maintenance of supplier importance ratings based on T-Mobile’s supplier contract inventory, including the nature and type of information the supplier receives or maintains;
  • Imposition of contractual data security requirements on T-Mobile’s vendors and subvendors, including segmentation, passwords, encryption keys, and patching;
  • Creation of supplier evaluation and monitoring mechanisms; and
  • Appropriate action in response to supplier non-conformity prior to termination of contract.

The settlement with T-Mobile is not related to the separate, massive data breach that T-Mobile announced in August 2021, which is still being investigated by a multi-state coalition of Attorneys General led by Connecticut. See T-Mobile’s billing terms here.

Concurrent with the 2015 data breach settlements, Experian agreed to pay an additional $1 million to resolve a separate multi-state investigation into another Experian company, Experian Data Corp. (“EDC”), over EDC’s failure to prevent or warn of a 2012 data breach that occurred when a private investigator posed as an identity thief, in which confidential personal information stored in EDC’s commercial databases was accessed. Under the resolution, reached with a separate group of 40 states, EDC agreed to increase scrutiny and oversight of third parties providing personal information, investigate and report data security incidents to Attorneys General, and observe a “Red Flags” program for detecting and responding to potential identity theft. See Experian Data Corp. billing terms here.
