Experian Hack Exposes Info on 15 Million T-Mobile Customers
T-Mobile is the latest in a long line of major companies to be hit with a data breach. Even though it wasn’t directly the wireless carrier's fault, customers may still be victims of identity theft in the months ahead.
Experian, a vendor that processes T-Mobile’s credit applications, was hacked. Although the investigation is still underway, there is enough evidence to show that the hacker grabbed the records of about 15 million people. That batch includes new applicants requiring credit checks for service or device financing from September 1, 2013 through September 16, 2015.
“I’ve always said that part of being the Un-carrier means telling it like it is,” T-Mobile CEO John Legere [pictured] wrote in a blog post. “Whether it’s good news or bad, I’m going to be direct, transparent and honest.”
Legere Is Incredibly Angry
According to Experian, the stolen data included names, dates of birth, addresses, encrypted Social Security numbers and/or alternative form of ID such as drivers' license numbers, as well as additional information used in T-Mobile's own credit assessment. No payment card or banking information was taken.
"We take privacy very seriously and we understand that this news is both stressful and frustrating. We sincerely apologize for the concern and stress that this event may cause," said Craig Boundy, chief executive officer, Experian North America. "That is why we're taking steps to provide protection and support to those affected by this incident and will continue to coordinate with law enforcement during its investigation."
This incident did not impact Experian's consumer credit database. Experian is notifying consumers who may be affected, and offering two years of credit monitoring and identity resolution services through ProtectMyID. That doesn’t make Legere feel any better.
“Obviously I am incredibly angry about this data breach and we will institute a thorough review of our relationship with Experian, but right now my top concern and first focus is assisting any and all consumers affected,” he said. “I take our customer and prospective customer privacy very seriously. This is no small issue for us. I do want to assure our customers that neither T-Mobile’s systems nor network were part of this intrusion and this did not involve any payment card numbers or bank account information.”
The Good News Is
We turned to Tim Erlin, a senior security analyst at advanced threat protection firm Tripwire, to get his thoughts on the breach. While this is certainly not good news for those affected, the fact that no other Experian customers appear to be compromised indicates that the company is segregating the data in a way that limits exposure, he told us.
“Breaches are a fact of life these days, and limiting damage is an important part of a comprehensive protection strategy,” Erlin said. “It’s rare to see a breach where the details don’t change after the initial announcement. We’re likely to see more information from both T-Mobile and Experian in the coming days as investigations proceed.”
Posted: 2015-10-28 @ 5:50am PT
I called Experian and told them that the two years of free service was not enough. Still waiting for a rep to call me back as I got bump up threw the chain of command. But I did some research and found that ProtectMyID has some of the worst reviews. Signed up with LifeLock instead. Will have to pay for LifeLock for the rest of my life thanks to them. I will do what ever I can to make them pay for it.
Posted: 2015-10-24 @ 12:27pm PT
Experian sends me a letter stating we know this can be "Frustrating". Who wrote this garbage, this goes way beyond frustrating. When the class action lawsuit hits them in bank account let's see if they think THAT'S frustrating.
Posted: 2015-10-19 @ 3:12pm PT
I got "free" iPad service from t-mobile and Experian has already contacted me about my personal information being breached.
Posted: 2015-10-18 @ 6:36pm PT
I switched to T-Mobile in July of 2014 and I only activated a device I got from Amazon.com and only paid for activation and the first month of service. They didn't need a credit check; does this mean my personal information is not compromised? PS: I sometimes pay my balance online.
Posted: 2015-10-18 @ 8:58am PT
I am a victim of this. It is ridiculous that they are offering credit protection through the same company that was breached. And ONLY 2 YEARS! Should be LIFETIME PROTECTION. Then they ask me to enter my credit card numbers on their site to protect those too! No thanks. Not giving you the last piece of data that WASN'T stolen... though I'm sure you already have that anyways.
Posted: 2015-10-03 @ 11:22pm PT
Why should anyone trust that Experian's consumer credit data is secure? If one database can be hacked, certainly another can.
Posted: 2015-10-02 @ 7:34pm PT
Experian's apology is not enough. They should be taken to task. It is unacceptable that in this day and age personal information (names, birth dates, addresses) is stored unencrypted.