The Senate Banking Committee’s top Democrat wants Experian to disclose more information about a data breach resulting in the theft of personal details on millions of T-Mobile customers.
Sen. Sherrod Brown, D-Ohio, sent a letter to Experian calling for the company to explain how the breach occurred and what changes it will make to its systems to stop it from happening again.
Along with increased disclosure about the breach, Brown wants Experian to provide "credit freezes" to affected customers for free. Credit freezes allow customers to restrict access to their credit reports in cases of potential identity theft, but credit agencies commonly charge for the service.
Brown also asked Experian to explain how well its credit monitoring and identity theft protection services work.
When Experian acknowledged last week that hackers had broken into one of its servers, it was not just the 15 million T-Mobile customers whose personal information was compromised. Because of the sensitive nature of the information stolen — including Social Security numbers, military ID numbers and passport data — the breach affects banks and any other U.S. companies that let people open or use accounts by providing personal information.
"Protection of this information is of the utmost importance, especially because the scope of the information is vast and virtually no consumer can apply for credit without entering your system," Brown wrote in a letter sent to the company Wednesday.
Data breaches, identity theft and cyber security have become a priority as more companies have disclosed breaches of their systems. Lawmakers have attempted to legislation to address the issue, including a bill that would require companies to inform their customers about a breach within 30 days of learning about it themselves.
The Experian breach was the latest high-profile company data breach in recent years following attacks on Home Depot, Target and others.
Experian's main consumer credit database was not broken into, Experian said, and T-Mobile and Experian are providing two years of credit monitoring services and identity theft recovery services for free.
When personally identifiable data is stolen, which in this case included hard-to-replace identification numbers along with names, addresses, dates of birth and other information used in T-Mobile's own credit assessment, information potentially can be used to compromise existing banking and card accounts and open new fake accounts. When payment card data is breached, customers can be notified, card accounts canceled and everyone can move on.
Experian has reassured the public that no banking or payment data was stolen. In a statement, Experian said they had received Brown's letter, "understand the concerns raised" and will respond accordingly.