15 million T-Mobile users data stolen by hackers including names, addresses, SSN number
Global information services group Experian said on Thursday that one of its business units had been compromised. The breach occurred on a server that contained data from September 1, 2013, to September 16, 2015 on behalf of one of its clients, T-Mobile.
The personal data includes details of 15 million T-Mobile customers and applicants in the U.S. who at one point may have applied for T-Mobile service. These details includes names, birth dates, addresses, Social Security and drivers’ license numbers as well as other information required by T-Mobile’s internal credit assessment system.
The company said the breach did not expose payment or banking information, nor did it affect its consumer credit database.
Experian said it took immediate action upon finding the breach: it secured the server
and initiated a comprehensive investigation. It has also notified both U.S. and international law enforcement. Experian North America’s parent company, Experian is headquartered in Dublin, Ireland.
The data of the customer is stored by Experian when it runs a check on a customer’s credit score to find out if they qualify for service, and what promotions they are able to take advantage of. Basically, whether it is an existing or former customer, or even an applicant who has gone through a credit check and has chose to switch right after the approval process, is at danger.
“We take privacy very seriously and we understand that this news is both stressful and frustrating. We sincerely apologize for the concern and stress that this event may cause,” said Craig Boundy, CEO of Experian North America. “That is why we’re taking steps to provide protection and support to those affected by this incident and will continue to coordinate with law enforcement during its investigation.”
The 15 million people affected by the breach represent more than a quarter of Bellevue, Washington-based T-Mobile’s 58.9 million customers, even though some of hit are no longer subscribers.
Taking responsibility for the breach, Experian said it’s in the process of notifying customers who may be affected. According to a T-Mobile spokesman, both existing and former customers would receive letters next week.
The company is providing two years of credit monitoring and identity protection services through Experian’s “Protect My ID” program. Any T-Mobile customers, irrespective of whether they were affected, can take advantage of the offer. An Experian spokesman said the fraud resolution service would be available for as long as customers require it.
T-Mobile CEO John Legere warned his customers in a tweet, blog post and frequently asked questions page. “Obviously I’m incredibly angry about this data breach and we will institute a thorough review of our relationship with Experian, but right now my top concern and first focus is assisting any and all consumers affected,” he said. However, he did not offer much insight into the attack beyond what was already provided by Experian.
Experian cautioned consumers that under no circumstances would either Experian or T-Mobile call them or send them messages asking for personal information in connection with the breach.
“You may go to the website, but you should not provide personal information to anyone who calls you or sends you a message about this incident,” Experian said in a statement.