The September 2015 data breach at Experian exposed the personal information of nearly 15 million wireless carrier customers, and we are just now learning the cost.

Data privacy and securityA recent earnings report revealed the company has expended $20 million in its response to the breach, which exposed information including names, addresses, birthdates, social security numbers, driver’s license numbers, and passport numbers.

The data is used by Experian in the credit-check process and as part of its customer registration. The breach expenses stemmed from notification and credit monitoring for the affected individuals and is likely just the beginning of the company’s deepening woes. Several class action lawsuits were filed and there are government probes that Experian must cooperate with.

So far in 2015, security lapses have affected tens of millions of individuals. As in other high-profile breaches, Experian may ultimately find itself liable for tens of millions of dollars – even after insurance payouts – due to the part it played in leaking personally identifiable information to unauthorized third parties.

The sheer enormity of breach-related damages must also be consider in conjunction with the loss of both shareholder and customer confidence. These combined consequences underscore the need for companies to be exceedingly vigilant and proactive in matters of information security.