Another day another hacker attack. This time hackers stole the records of 15 million T-Mobile customers. They did not hack T-Mobile, but credit monitoring service Experian.
Experian says that the hack was in an isolated incident over a limited period of time. It included access to a server that housed personal information of consumers who applied for T-Mobile USA postpaid services between Sept. 1, 2013 and Sept. 16, 2015. Consumers who got a T-Mobile contract in the last 2 years.
These records include information such as name, address and birthdate as well as encrypted fields with Social Security number and ID number (such as driver’s license or passport number), and additional information used in T-Mobile’s own credit assessment. Experian has determined that this encryption may have been compromised.
T-Mobile CEO John Legere said in an open letter: “Obviously I am incredibly angry about this data breach and we will institute a thorough review of our relationship with Experian, but right now my top concern and first focus is assisting any and all consumers affected. I take our customer and prospective customer privacy very seriously. This is no small issue for us. I do want to assure our customers that neither T-Mobile’s systems nor network were part of this intrusion and this did not involve any payment card numbers or bank account information.”
According to the T-Mobile FAQs about the hack, T-Mobile is offer two years of free credit monitoring service for customers who are concerned. Problem is that ProtectmyID is operated by Experian. John Legere responded on Twitter to concerned customers that he is looking for an alternative service offer as fast as he can.
I hear you re: Experian as service protection option. I am moving as fast as possible to get an alternate option in place by tomorrow.
— John Legere (@JohnLegere) October 1, 2015
T-Mobile appears to do a good job to be transparent about the incident. It is not their fault as Experian takes full responsibility. In the end such security breaches end up on the shoulders of consumers every time. Something has to change dramatically with how user data is stored by companies.
Originally posted in i4u News