The latest Experian hack jeopardizes 15 million T-Mobile customers.

Posted by:

Up until now, hackers and cyber criminals compromised big corporations and stole their consumer databases, and then credit monitoring bureaus, like Experian, were counted on the clean up the ensuing mess to thwart identity theft and justify credit scoring. However, last week Thursday, the paradigm was turned upside down in an event that shocked the industry. Hacker actually tapped into Experian’s data, and once the fox was inside the hen house stole the sensitive financial information from 15 million people, most of them T-Mobile customers.

Experian confirmed the data breach, admitting that hackers got the names, addresses, social security numbers, driver’s licenses, and passport numbers of about 15 million T-Mobile consumers who had recently applied for credit checks through Experian. Specifically, the hack affects T-Mobile customers who applied for postpaid services or device financing between September 1, 2013 and September 16, 2015.

Reportedly, Experian did not name the database interloper, who was first discovered when an unauthorized user was detected within the Experian server. The Connecticut Attorney General has launched a full-scale investigation into the cyber attack.

Experian takes “full responsibility” for the data breach and reports that no other consumers or databases were hacked other than T-Mobile. They are offering free credit monitoring services to those affected.

While data breaches aren’t uncommon these days – with hundreds of millions of consumers’ information hacked from corporations and government data houses in the last few years – industry insiders suspect this is a disturbing new and ultra-aggressive trend in data theft and cyber crime.

Experian – and its counterpart credit monitoring bureaus – do far more than collect data used to tabulate credit scores and issue reports. In fact, they are in the big business of collecting every scrap and shred of consumer information possible including customer loyalty cards, tracking purchases, and public records that include real estate liens and bankruptcies. They then offer the information to advertisers who use it to post automated ads to individuals.

Industry experts predict that breaches like this will have far-reaching consequences for the public. That’s because data brokers are trusted to “anonymize” customer data to keep it safe and discreet, as well as store it, prepping it for sale and use by advertisers and marketing networks.

It’s quite possible that this Experian breach signals a new wave of strategic attacks by hackers – or even multinational cyber terrorists – to steal your data right from the source.

A statement from T-Mobile’s CEO, John Legere:
“Obviously I am incredibly angry about this data breach and we will institute a thorough review of our relationship with Experian, but right now my top concern and first focus is assisting any and all consumers affected. I take our customer and prospective customer privacy VERY [sic] seriously. This is no small issue for us. I do want to assure our customers that neither T-Mobile’s systems nor network were part of this intrusion and this did not involve any payment card numbers or bank account information.”

A message from Experian CEO Craig Boundy:
“As you may have heard, we recently detected unauthorized access to a server that contained data for one of our clients, T-Mobile USA. No other clients were impacted and our consumer credit database was not accessed in this incident.
First and foremost, let me sincerely apologize for everyone affected by this event.
I’d like to take a moment to provide you with facts about what happened and the steps we are taking to protect you and your information:
Here’s what we know:
-The unauthorized access was in an isolated incident over a limited period of time. It included access to a server that contained personal information for consumers who applied for T-Mobile USA postpaid services between September 1, 2013 and September 16, 2015.
-The information included names, dates of birth, addresses and Social Security numbers.
-The server belonged to an Experian business completely separate from our credit bureau business. The incident did not impact our consumer credit database.
-While we have no indication to date that the data has been used, as soon as we detected the incident, we took immediate action to:
◦           Secure the server
◦           Prepare to notify all impacted consumers with guidance on how to protect themselves
◦           Notify law enforcement, including the FBI, to assist with their criminal investigation
To provide support and help alleviate concerns, we are providing two years of free credit monitoring and identity protection services to anyone impacted.
For more information regarding the investigation and the actions Experian is taking to protect consumer information, please visit

Once again, let me apologize for this event and we will continue to work tirelessly to earn your trust.
Thank you.”


About the Author:

  Related Posts

You must be logged in to post a comment.