[and] prevent fraud,” which makes it ironic that it was their data breach which put around 15 million T-Mobile users at risk of identity theft and fraud.
USA Today reports that “A hacker has acquired the records of 15 million T-Mobile customers and people who had applied for credit” and “affected two years [sic] worth of records,” by breaching Experian, T-Mobile’s vendor for processing credit applications. The breach apparently occurred in the first two weeks of September of 2015, and according to spokeswoman Susan Henson, “was discovered within two days, secured immediately, comprehensive forensic investigation launched (and still continuing) and we announced it today to quickly notify consumers.” To Experian’s credit, they have been both forthcoming and clear about the incident and who might be affected.
What can the hacker access?
Experian admits that the hacker was not only able to steal the information from T-Mobile subscribers, but that the very encryption software used to protect that information could have been compromised. If so, the hacker might be able to access users’:
- Full names
- Birth dates
- Social Security numbers
- Passport identification
- Drivers’ licenses
- Military IDs
The silver lining in this story, however, is that only one server was breached: thus, according to Experian, “Experian’s consumer credit database was not accessed in this incident, and no payment card or banking information was obtained.” Unfortunately, anyone with the type of personal information that was lost could find themselves on the wrong end of banking fraud, especially if the hacker is able to retrieve Social Security and drivers’ licenses.
What you can do to protect yourself
If you signed up for T-Mobile service between September 1st and September 13th of 2015, you could be at risk. T-Mobile customers are being offered “complimentary identity resolution services” and are encouraged to enroll by:
However, Experian’s efforts may not be enough. Though no banking information was allegedly lost, you should contact your bank and financial advisors simply to have the alert noted on your account. You may also wish to obtain a new Social Security number, if you can prove that yours has been stolen and is being used by a third party. If you contact your credit card companies and inform them of the breach, they may issue you new cards with new numbers as well, as a precaution.
Experian’s latest data breach is another example of a troubling trend. The more private and secure information we put out and have processed online, the greater risk we take of being subject to an attack. In today’s world, it may be impossible to avoid the cloud altogether, but we can start demanding more security and better regulations designed to protect ourselves. Experian may have handled the breach correctly, but the question still remains: why were the circumstances that led to such a breach allowed to persist in the first place?