(The Center Square) – Texas will receive $1.63 million out of a national settlement reached with Experian and T-Mobile stemming from a 40-state attorneys general investigation.
Earlier this month, the coalition announced it had obtained settlements totaling more than $16 million with Experian Data Corp., Experian Information Solutions, and T-Mobile.
The settlements stem from a Sept. 15, 2015, Experian data breach that impacted more than 15 million people, including nearly two million Texans, who’d submitted credit applications with T-Mobile, an Experian client. As a result, Texas will collect and distribute approximately $1.63 million.
“These data breaches put millions of Americans’ privacy and personal information at risk, including nearly two million Texans. This settlement is an important step in ensuring that there is accountability,” Texas Attorney General Ken Paxton said in a statement on Wednesday. “My office will continue to enforce Texas laws that require the safeguarding of consumers’ personal information.”
As part of the settlement agreement, EIS will provide five years of free credit monitoring services to affected consumers and two free copies of credit reports annually over this time period. The settlement also provides eligible consumers with automated alerts of any changes to their credit score, Social Security number monitoring, including dark web surveillance, and a $1 million identity theft insurance policy.
Eligible consumers interested in receiving free credit monitoring services can find more information here.
Experian maintains that “a cyber attacker gained unauthorized access to portions of the Experian Network that stored personal information of consumers who’d applied for services offered by T-Mobile USA, Inc.” Those impacted had applied for T-Mobile postpaid services and device financing between September 2013 and September 2015.
“The compromised information included names, addresses, dates of birth, Social Security numbers, government identification numbers, and related information used in T-Mobile’s assessment of consumers’ credit histories,” according to Experian.
In addition to paying settlement money to the states, Experian Information Solutions (EIS), T-Mobile, and Experian Data Corp. agreed to strengthen their consumer protections by beefing up their compliance terms. This includes ensuring misrepresentations aren’t made to clients about the extent to which Experian protects their privacy and security of personal information. It also includes requiring them to implement a comprehensive Information Security Program, to create due diligence provisions requiring Experian to properly vet acquisitions, and to evaluate data security concerns prior to integration and implementing a range of security measures related to “encryption, segmentation, patch management, intrusion detection, firewalls, access controls, logging and monitoring, penetration testing, and risk assessments.”
In a separate settlement, T-Mobile also agreed to strengthen its vendor oversight process by implementing a Vendor Risk Management Program, to maintain a T-Mobile vendor contract inventory, including vendor risk ratings, to impose contractual data security requirements on T-Mobile’s vendors and sub-vendors, and to establish vendor assessment and monitoring mechanisms, among other processes.
The settlement with T-Mobile excludes another massive data breach the company announced in August 2021, which a multistate coalition of attorneys general is currently investigating.