15 Million T-Mobile Customers Exposed in Experian Network Intrusion

Oct. 5, 2015

15 Million T-Mobile Customers Exposed in Experian Network Intrusion Late last week, Dublin, Ireland-based credit bureau Experian reported a server it maintained for one of its clients was hacked, possibly compromising the personally identifiable information of 15 million people. The company said Thursday it has begun notifying customers of T-Mobile who applied for device financing between Sept. 1, 2013 and Sept. 16, 2015 that a network intrusion exposed personal information including names, dates of birth, addresses, and Social Security numbers, as well as additional information used in T-Mobile’s own credit assessment.

The company was quick to say that payment card information was not involved, but recent trends have shown that payment cards are not the favored form of stolen information lately. With fraud schemes like account takeover and account creation increasingly being used in e-commerce environments to monetize stolen data, hackers are no longer targeting only retailers, processors and banks for payment card information. They are using the personally identifiable information found in the systems of other large organizations like health insurers and data aggregators like Experian.

T-Mobile CEO John Legere expressed his feelings about the breach in an uncommonly candid statement:

“Obviously I am incredibly angry about this data breach and we will institute a thorough review of our relationship with Experian, but right now my top concern and first focus is assisting any and all consumers affected.”

This isn’t the first time Experian has had issues with data protection. This year a Vietnamese man went to prison for using information sold to him by Experian to commit identity theft and fraud. The company faced a congressional inquiry two years ago on that matter and may face official scrutiny for the current breach. Massachusetts Attorney General Maura Healy told Reuters she expects a multi-state investigation into the T-Mobile breach.