Massive breach: Hackers steal 15 million T-Mobile users’ data from Experian

October 5th, 2015, by

The private details of 15 million T-Mobile customers have been stolen. On Thursday, T-Mobile announced that hackers had breached Experian’s network, which the carrier uses to check the credit reports of customers applying for a phone. The data stolen included Social Security numbers, home addresses, passport ID numbers, drivers’ license numbers and birth dates, among other personal information.

The breach occurred about two weeks ago. The hack “was discovered within two days, secured immediately, comprehensive forensic investigation launched (and still continuing) and we announced it today to quickly notify consumers. Our notification to state attorneys’ general happens tomorrow,” Experian spokeswoman Susan Henson told sources.(1)

Experian reports that customers who applied between Sept. 1, 2013, and Sept. 16, 2015, may have had their private information stolen. The global information service says it immediately alerted law enforcement after officials discovered the hack had taken place. Both companies report that neither payment cards nor banking information were affected by the breach.(2)

T-Mobile CEO outraged by most recent string of hacks

“I take our customer and prospective customer privacy VERY seriously. This is no small issue for us,” T-Mobile’s CEO John Legere said in a statement. “Obviously I am incredibly angry about this data breach and we will institute a thorough review of our relationship with Experian, but right now my top concern and first focus is assisting any and all consumers affected.”(3)

Experian is scrambling to clean up the damage. They said they have notified all victims of the breach and have offered them two years of credit monitoring. Anyone who thinks their information may have been stolen can sign up for credit monitoring by visiting Experian.com.

As of right now, Experian has no idea who is responsible for the breach but says it is taking the necessary steps to thwart future hacks from happening. The hack occurred in Experian’s online server and is still under investigation.

This recent breach is just one among a series of hacks that have taken place within the past few years. Ashley Madison, Sony Pictures, Home Depot, Target, eBay, and the U.S. Office of Personnel Management have all experienced hacking problems in recent years. Almost 800 U.S. organizations reported data breaches in 2014, with many of the hacks coming from other countries such as China.(2)

Phone service says Experian at fault

Insofar as data beaches are concerned, it could have been a lot worse for Experian if hackers had obtained credit card and banking information of T-Mobile customers. The biggest challenge will be trying to restore the trustworthiness of both companies.

In an effort to do just that, T-Mobile has shifted the blame onto the shoulders of Experian by stating, “Experian has taken full responsibility for the theft of data from its server. Our vendors are contractually obligated to abide by stringent privacy and security practices, and we are extremely disappointed that hackers could access the Experian network.”(3)

This isn’t the first time Experian has been in hot water. Just last year, the company granted a Vietnamese identity theft service access to more than 200 million customers’ data. The latest breach with Experian is unique because T-Mobile is also involved in the scandal.(3)

T-Mobile is among the top three wireless carriers in the U.S., trumping Sprint this year. The company describes itself as an “un-carrier” for substituting the two-year service contract with monthly installment payments. Verizon and AT&T remain the largest wireless carriers in the country.(2)

Sources include:

(1) USAToday.com

(2) BostonGlobe.com

(3) WIRED.com