Approximately 329,000 Washington residents affected by Experian breach of T-Mobile customer data

For the Reporter

In the wake of a data breach at the credit-reporting company, Experian, affecting 329,000 Washington state T-Mobile customers, Attorney General Bob Ferguson offered consumers information about how to guard against potential identity theft.

“Protecting consumers from identity theft is a top priority, and prevention is our greatest tool,” Ferguson said. “I urge T-Mobile customers to take immediate steps to determine whether you have been a victim of ID theft and to protect your information going forward.”

According to T-Mobile and the credit-reporting company Experian, the breach compromised data that was used by T-Mobile to run credit checks of individuals who applied for T-Mobile services from Sept. 1, 2013 through Sept. 16, 2015. Unauthorized access was gained to Experian’s servers, exposing data including name, address, birthdate, Social Security number, other ID numbers (such as driver’s license, military ID, or passport numbers) and additional information used in T-Mobile’s credit assessment. An estimated 15 million consumers nationwide may have had their data compromised. Experian plans to notify affected consumers.

The Attorney General’s Office offers affected consumers the following advice to guard against identity theft:

• Monitor your credit reports. You are entitled to one free credit report every 12 months from each of the three nationwide credit bureaus (Equifax, Experian and Trans Union). You can request one free report from a different bureau every four months to monitor throughout the year.

• Consider placing a fraud alert with each of the three credit bureaus. An alert does not block potential new credit, but places a comment on your history. Creditors should contact you prior to opening a new account.

• Consider placing a security freeze with each of the three credit bureaus to prohibit the release of any information from your reports. A security freeze can help prevent identity theft since most businesses will not open credit accounts without checking a consumer’s credit history first. This increases the likelihood that if an ID thief tries to open a new account under your name, they will be denied.

• Beware of unsolicited calls or emails offering credit monitoring or identity theft services. Consumers should never provide their Social Security number, credit card numbers or other personal information in response to unsolicited emails or calls.

• If you find unexplained activity on your credit reports, or if you believe you are the victim of identity theft, check these resources for information on steps you can take to protect yourself.

• Review the Attorney General’s ID theft website.

Review the Federal Trade Commission’s ID theft website.

More information about this data breach and other recent data breaches can be found on the Attorney General’s website.

Ferguson strengthens Washington data breach notification law

Ferguson requested a new law concerning data breach notification this year.

This new law:

• Requires consumer notification as soon as possible and no later than 45 days whenever personal information is likely compromised.

• Requires that the attorney general be notified within 45 days when a data breach affecting more than 500 Washington residents occurs at a business, non-profit or public agency.

• Requires businesses, non-profits and agencies, to provide consumers with basic information they can use to help secure or recover their identities when they provide consumers with notice of a breach.