T-Mobile is the latest in a long line of major companies to be hit with a data breach. Even though it wasn’t directly the wireless carrier’s fault, customers may still be victims of identity theft in the months ahead.
Experian, a vendor that processes T-Mobile’s credit applications, was hacked. Although the investigation is still underway, there is enough evidence to show that the hacker grabbed the records of about 15 million people. That batch includes new applicants requiring credit checks for service or device financing from September 1, 2013 through September 16, 2015.
“I’ve always said that part of being the Un-carrier means telling it like it is,” T-Mobile CEO John Legere [pictured] wrote in a blog post. “Whether it’s good news or bad, I’m going to be direct, transparent and honest.”
Legere Is Incredibly Angry
According to Experian, the stolen data included names, dates of birth, addresses, encrypted Social Security numbers and/or alternative form of ID such as drivers’ license numbers, as well as additional information used in T-Mobile’s own credit assessment. No payment card or banking information was taken.
“We take privacy very seriously and we understand that this news is both stressful and frustrating. We sincerely apologize for the concern and stress that this event may cause,” said Craig Boundy, chief executive officer, Experian North America. “That is why we’re taking steps to provide protection and support to those affected by this incident and will continue to coordinate with law enforcement during its investigation.”
This incident did not impact Experian’s consumer credit database. Experian is notifying consumers who may be affected, and offering two years of credit monitoring and identity resolution services through ProtectMyID. That doesn’t make Legere feel any better.
“Obviously I am incredibly angry about this data breach and we will institute a thorough review of our relationship with Experian, but right now my top concern and first focus is assisting any and all consumers affected,” he said. “I take our customer and prospective customer privacy very seriously. This is no small issue for us. I do want to assure our customers that neither T-Mobile’s systems nor network were part of this intrusion and this did not involve any payment card numbers or bank account information.”
The Good News Is
We turned to Tim Erlin, a senior security analyst at advanced threat protection firm Tripwire, to get his thoughts on the breach. While this is certainly not good news for those affected, the fact that no other Experian customers appear to be compromised indicates that the company is segregating the data in a way that limits exposure, he told us.
“Breaches are a fact of life these days, and limiting damage is an important part of a comprehensive protection strategy,” Erlin said. “It’s rare to see a breach where the details don’t change after the initial announcement. We’re likely to see more information from both T-Mobile and Experian in the coming days as investigations proceed.”
ClassActionLawyer:
Posted: 2015-10-02 @ 7:34pm PT
Experian’s apology is not enough. They should be taken to task. It is unacceptable that in this day and age personal information (names, birth dates, addresses) is stored unencrypted.