In the span of two days, mobile device users learned of two data breaches that could compromise their personal data. In one, Experian (a credit reporting agency) reported that it was hacked, potentially putting 15 million American consumers’ data at risk. Many of those consumers were T-Mobile customers who needed to submit to a credit check before signing up for a mobile plan. T-Mobile’s CEO John Legere issued a press release, stating that he was “incredibly angry about this data breach,” and that T-Mobile takes “customer and prospective customer privacy VERY seriously.” The second, far larger breach, affects approximately one billion Android mobile devices. The “Stagefright 2.0” security flaw—so-named because of another, similar “Stagefright” vulnerability from several months ago—allows hackers to access Android devices through disguised MP3 or MP4 media files—or even through logging into the same wifi network. Google will be rolling out patches to make devices more secure, but until then, users should be wary.
T-Mobile and Google are, no doubt, concerned about lawsuits, but must also consider the potential regulatory consequences of data breaches. We have previously discussed the FTC’s role in enforcing cybersecurity, and how it will likely assert its authority in more cases than ever before in the wake of its successes in the FTC v. Wyndham case. But the FTC is not the only regulatory body with a role in enforcing data security. As the list below shows, federal (and state) agencies are expanding their reach into the realm of data, and that reach will almost certainly only grow over time. Continue Reading