Massachusetts Attorney General Maura Healey said on Friday she expects a multi-state probe will be launched into the breach at Experian Plc that compromised data of some 15 million people who sought to open accounts with T-Mobile US Inc.
“We have contacted both companies to review the circumstances and anticipate working with attorneys general across the country on this matter,” Healey said in a statement.
A spokeswoman for Healey declined to elaborate on plans for a potential multi-state investigation into the cyber attack that was disclosed on Thursday.
Illinois and Connecticut are also looking the breach, according to representatives for the attorneys general in those two states.
Spokespeople with Experian did not respond to requests for comment into the response from U.S. states on the breach.
In April 2014 several states announced a joint probe into a breach of Social Security numbers involving Court Ventures, a firm that Experian acquired.
SCOTTRADE A VICTIM
Discount broker Scottrade said on Friday that it was the victim of a cyber attack from late 2013 to early 2014 that compromised client names and addresses in a database with information on some 4.6 million customers.
The firm said it learned about the attack from federal law enforcement officials who were investigating the theft of data from Scottrade and other financial services firms. The company did not identify other potential victims. FBI officials could not be reached for comment.
News of the attack comes a day after Experian Plc disclosed a breach that compromised sensitive data of some 15 million people who sought to open accounts with T-Mobile US Inc.
The two incidents, announced on the first two days of the U.S. government’s Cybersecurity Awareness Month, are a stark reminder of the challenges businesses face in getting ahead of hackers following a string of massive breaches in recent years.
Scottrade said on its website that its trading platforms and client funds had not been compromised.
“Although Social Security numbers, email addresses and other sensitive data were contained in the system accessed, it appears that contact information was the focus of the incident,” the company said.
Scottrade said it planned to offer customers identity theft protection services, had hired a computer forensics firm to investigate the attack, secured the intrusion point and beefed up network defenses.
Scottrade spokeswoman Shea Leordeanu declined to say if investigators had identified who was behind the attacks.