I’m sure you’ve seen the news about the massive data breach at Experian that has exposed more than 15 million T Mobile customers’ sensitive data.
Today, Fight for the Future responded by launching a petition calling for Experian’s CEO to resign: https://www.youbetrayedus.org/experian
Experian has been hacked more than 100 times, but instead of improving their inadequate digital security, they are spending money lobbying Congress to pass CISA, the Cybersecurity Information Sharing Act, a bill that may give companies like them legal immunity in the event of a hack, as long as they share data with the government.
Ironically, earlier today we noticed the page where Experian is directing customers who have been affected by the hack, ProtectmyID.com/securityincident, was not protected by basic HTTPS encryption. We tweeted about it, and a few hours later the site now appears to be protected by HTTPS.
This is a perfect example of the flawed underlying logic behind CISA. Instead of encouraging companies like Experian to improve their deeply flawed security practices, this bill could offer them legal immunity, allowing them to shift blame to the government and giving them no incentive to secure their own networks.
Fight for the Future CTO Jeff Lyon said, "Experian CTO Brian Cassin has put the profits of his company above the well-being of his customers and our nation’s cybersecurity. Why should Experian bother fixing their security when they can just lobby their way out of the messes they make? This type of thinking is putting millions of people at risk. Cassin should resign and companies like Experian and T Mobile should take responsibility for the safety their customer’s data.”
Earlier today, Senator’s Burr and Feinstein issued a statement regarding the T Mobile breach where they used the news to encourage Congress to pass CISA. Their logic could not possibly be more flawed. We should be holding companies with negligent data practices accountable, not offering them legal immunity when they share data with government agencies who also have a terrible track record of protecting it.
Feel free to reach out to us for additional comments on the T Mobile / Experian breach and how it relates to cybersecurity legislation pending in Congress.