Hawai’i to receive $182,000 in Experian and T-Mobile settlements for data breaches

The State of Hawai’i is expected to receive $182,000 as part of its share of two multistate settlements with Experian and T-Mobile over data breaches in 2012 and 2015 that compromised the personal information of millions of consumers nationwide.

Experian is one of the country’s big-three credit reporting bureaus.

The coalition also has obtained a separate settlement with T-Mobile in connection with the 2015 Experian breach, which impacted more than 15 million individuals who submitted credit applications with T-Mobile.

Under the settlements, the companies have agreed to improve their data security practices and to pay the states a combined amount of more than $16 million. Hawaiʻi will receive a total of $181,980.96 from the settlements, according to the State of Hawaiʻi Office of Consumer Protection.

“Companies must do a better job of protecting people’s personal information,” said Stephen Levins, executive director of the Office of Consumer Protection. “Any business that fails to have appropriate safety measures in place runs the risk of facing the consequences from law enforcement.”

In September 2015, Experian reported it had experienced a data breach in which an unauthorized actor gained access to part of Experian’s network storing personal information on behalf of its client, T-Mobile. The breach involved information associated with consumers who had applied for T-Mobile postpaid services and device financing between September 2013 and September 2015, including names, addresses, dates of birth, Social Security numbers, identification numbers (such as driver’s license and passport numbers), and related information used in T-Mobile’s own credit assessments.

There were 68,978 Hawaiʻi residents impacted by the 2015 breach. Neither Experian’s consumer credit database nor T-Mobile’s own systems were compromised in the breach.

A group of 40 states has obtained separate settlements from Experian and T-Mobile in connection with the 2015 data breach. Under a $12.67 million settlement, Experian has agreed to strengthen its due diligence and data security practices going forward.

The settlement also requires Experian to offer 5 years of free credit monitoring services to affected consumers, and two free copies of their credit reports annually during that timeframe.

This is in addition to the four years of credit monitoring services already offered to affected consumers — two of which were offered by Experian in the wake of the breach, and two that were secured through a separate 2019 class action settlement. The deadlines to enroll in these prior offerings have since passed.

If you were a class member in the 2019 class action settlement, you are eligible to enroll in these extended credit monitoring services. Affected consumers can enroll in the 5-year extended credit monitoring services and find more information on eligibility by clicking on the following: www.tmobileapplicant2015eisdatabreachsettlement.com.

The enrollment window will remain open for 6 months.

In a separate $2.43 million settlement, T-Mobile has agreed to detailed vendor management provisions designed to strengthen its vendor oversight going forward.

The settlement with T-Mobile does not concern the unrelated, massive data breach announced by T-Mobile in August 2021, which is still under investigation by a multistate coalition of states, co-led by Connecticut.

Concurrently with the 2015 data breach settlements, Experian has agreed to pay an additional $1 million to resolve a separate multistate investigation into another Experian-owned company— Experian Data Corp. — in connection with its failure to prevent or provide notice of a 2012 data breach that occurred when an identity thief posing as a private investigator was given access to sensitive personal information stored in the company’s commercial databases.