Newsroom

Experian North America, a global information services group that specializes in credit reports, announced that one of its business unit servers containing data from client T-Mobile was hit by a data security breach in September. The data includes personal information from as many as 15 million consumers in the U.S.

Experian said the breach affected data for consumers in the T-Mobile system, including those who applied for T-Mobile services, from Sept. 1, 2013, through Sept. 16, 2015. Experian said the breach did not impact its consumer credit database.

The data included names, dates of birth, addresses, Social Security numbers and other forms of ID, but not payment card or banking data. Experian said it is notifying those who were affected and offering two years of credit monitoring and identity resolution services.

Experian was the credit bureau recommended by Target to its customers after its massive 2014 data breach. However, Experian had already had data breaches of its own previously – when it unwittingly sold the personal data of millions of Americans, including Social Security numbers, to a fraudster in Vietnam. The company stopped after being informed of the fraud by the U.S. Secret Service.

NAFCU continues to push for a strong data security standard for retailers akin to what credit unions already follow under the Gramm-Leach-Bliley Act.