US consumer groups are calling for a government investigation into a breach at credit data agency Experian.
Last week, the agency revealed that its database had been compromised by a hacker who stole the records of 15 million T-Mobile customers.
It was thought that the hacker obtained the name, address, social security number, date of birth and identification number of customers who were credit-checked by the company between September 1 2013 and September 16 2015.
US Public Interest Research Group (PIRG), which protects consumer interests, has written an open letter supported by 28 major consumer groups calling for the Federal Trade Commission and the Consumer Financial Protection Bureau to launch a full investigation into the breach.
The letter notes that Experian holds the personal information of over 200 million Americans and if its database systems were breached this could indicate that the hack was even more significant that the 15 million records that are known to have been compromised.
Experian is one of only three credit reporting agencies in America that holds data on US customers.
The letter reads: “Identity thieves could play havoc of an unimaginably huge scale with access to such data, with potentially devastating consequences to consumers, financial institutions and the American economy.”
US PIRG believes that the government agencies should be obligated to conduct a full investigation to determine if other data has been leaked.
“What are the differences in security measures that would allow hackers to access the information of T-Mobile customers but not the main credit report files?” the body asks.
“If there are differences, why weren’t the security measures used for the T-Mobile server? If there are no such differences, doesn’t this raise the troubling possibility that the servers holding highly sensitive credit and personal information of over 200 million Americans is vulnerable to a data hack by identity thieves?”
T-Mobile's chief executive John Legere has said that he will be reviewing the company’s relationship with Experian in light of the breach.
The US government recently admitted that 5.6 million fingerprints of employees working at the Office of Personnel Management and the Department of Defense were stolen in a similar attack on government servers.