Skip to content ↓ | Skip to navigation ↓

Hackers have compromised the personal information of 15 million T-Mobile customers after successfully infiltrating one of Experian’s servers.

John Legere, CEO of T-Mobile, has published a letter about the incident:

“We have been notified by Experian, a vendor that processes our credit applications, that they have experienced a data breach. The investigation is ongoing, but what we know right now is that the hacker acquired the records of approximately 15 million people, including new applicants requiring a credit check for service or device financing from September 1, 2013 through September 16, 2015. These records include information such as name, address and birthdate as well as encrypted fields with Social Security number and ID number (such as driver’s license or passport number), and additional information used in T-Mobile’s own credit assessment. [sic]”

t-mobileAs reported by The Register, the data is believed to have been taken from T-Mobile customers with postpaid accounts, or those who pay their charges after their monthly bills have been processed.

None of T-Mobile’s servers were affected by the incident.

Experian said in a statement that hackers succeeded in compromising a business unit containing customer information for T-Mobile, one of its clients. The global information services group believes that the encryption protecting customers’ personal data may have been compromised, though it has reassured its client base that neither its consumer credit base nor any other customers’ servers were hacked.

As a result of the incident, Experian has secured the affected server, initiated an investigation, and contacted law enforcement.

“We take privacy very seriously and we understand that this news is both stressful and frustrating. We sincerely apologize for the concern and stress that this event may cause,” said Craig Boundy, Chief Executive Officer, Experian North America. “That is why we’re taking steps to provide protection and support to those affected by this incident and will continue to coordinate with law enforcement during its investigation.”

Experian said that it has begun notifying all victims and that it is offering them two years of free credit monitoring. Anyone who believes their data was exposed in the breach can sign up for that monitoring here.

News of this hack follows several months after legal action was filed against Experian for its failure to detect that a customer of its data broker subsidiary was a scammer who sold resold customers’ identities to thieves for nearly 10 months.

Hacking Point of Sale
  • John Walker

    Here we see a worst case scenario of a company who hold massive amounts of data of companies and individuals alike, here we also have a company who are not new to the impact of data breaches, yet they offer Data Breach Remediation Services.

    Now forgive me here, but whilst I can adjust my thinking to those who may not necessarily be focused in the security industry, when I see companies who suffer breach, who are offering such services, the level of flabbergast goes to the high number of the scale of unacceptability.

    To take this company forward with their security profile, it would pay dividends for them to consider their public facing OSINT exposure, and seek to discover their unknown unknowns, and then maybe post reviewing such subliminal disclosures, they may well move on step closer to join the security industry as a more secure and respected entity.