Critics say Experian CEO should resign after the latest data breach

Photo © lolloj - Fotolia

Pending legislation would give companies immunity for data breaches if they agree to share data with the feds

The latest security breach involving Experian is one too many, as an advocacy group sees it. Fight for the Future has launched a petition,calling for Experian's CEO, Brian Cassin,,to resign.,

"Experian has been hacked,more than 100 times, but instead of improving their inadequate digital security, they are spending money lobbying Congress to pass CISA, the Cybersecurity Information Sharing Act, a bill that may give companies like them legal immunity in the event of a hack, as long as they share data with the government," the group said in a statement.

The latest incident, involving confidential data on 15 million consumers,,occurred,when hackers breached a,system at the credit reporting agency, which had processed applications for T-Mobile.

"Experian,CEO Brian Cassin has put the profits of his company above the well-being of his customers and our nation's cybersecurity. Why should,Experian,bother fixing their security when they can just lobby their way out of the messes they make?" said Fight for the Future's Jeff Lyon.,"This type of thinking is putting millions of people at risk. Cassin should resign and companies like,Experian,and T Mobile should take responsibility for the safety their customers' data."

The CISA Connection

Both advocates and foes of CISA have used the Experian/T-Mobile breach to bolster their arguments.,

Senate Intelligence Committee Chairman Richard Burr (R-N.C.) and Vice Chairman Dianne Feinstein (D-Calif.) issued a statement saying "includes strong commitments to personal privacy, while spurring the information sharing that is necessary to stop future cyber-attacks before they happen, not after Americans' personal, financial, and private information is stolen by foreign agents and criminal gangs."

A coalition of organizations opposes the measure, saying it would increase monitoring of Internet users, increase government secrecy, and remove judicial oversight for government surveillance. Many have described the cyber security bills as "cyber surveillance" measures.

Burr and Feinstein disagree.

"Despite strong bipartisan support in the committee and the Senate, and support from the administration and the business community, there are some groups that are opposing the bill out of a knee-jerk reaction against any communication between the government and industry," the senators said. "If these special interest groups are successful in mischaracterizing this bill, which authorizes purely voluntary sharing, they will only succeed in allowing more personal information to be compromised to criminals and foreign countries.”,

Fight for the Future said that argument "could not possibly be more flawed."

"We should be holding companies with negligent data practices accountable, not offering them legal immunity when they share data with government agencies who also have a terrible track record of protecting it," it said.

Wired Magazine in August called it a "myth" that,information,sharing would be voluntary and said that the legislation does not specify which agencies would have access to the data that companies share about their customers, saying that "relevant entities" would be specified only after the bill becomes law.


Take an Identity Theft Quiz. Get matched with an Authorized Partner.