Close
  • Latest News
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Menu
Search
  • Latest News
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Cybersecurity
    • Cybersecurity

    15 Million T-Mobile Customers at Risk Thanks to Experian Breach

    By
    Sean Michael Kerner
    -
    October 2, 2015
    Share
    Facebook
    Twitter
    Linkedin
      T-Mobile breach

      From Sept. 1, 2013 until Sept. 16, 2015, hackers were pilfering T-Mobile USA’s customer information, and no one knew about it—until yesterday.

      Approximately 15 million T-Mobile USA customers and applicants are at risk because of a data breach at Experian, which handles customer information on T-Mobile USA postpaid and device financing services. Experian claims that on Sept. 15 it discovered that an unauthorized party somehow had accessed an Experian server containing T-Mobile customer data, though no public announcement was made until Oct. 1.

      According to Experian, the breach data includes customer names, addresses, Social Security numbers and dates of birth. Experian claims that banking and payment card information was not stolen.

      Although Experian had encrypted all of its data, that’s not going to limit the risk.

      “Experian has determined that this encryption may have been compromised,” T-Mobile CEO John Legere wrote in an open letter to customers.

      Neither T-Mobile nor Experian are reporting that they have any evidence at this point that the customer data has been misused. That said, Experian is now offering affected T-Mobile customers free credit monitoring, just in case.

      “Obviously I am incredibly angry about this data breach and we will institute a thorough review of our relationship with Experian, but right now my top concern and first focus is assisting any and all consumers affected,” Legere wrote. “I take our customer and prospective customer privacy VERY seriously. This is no small issue for us.”

      Experian is no stranger to data theft. In July, Experian was hit with a class-action lawsuit that alleged the company enabled an identity thief to access data. On July 14, the U.S. Department of Justice sentenced identity thief Hieu Minh Ngo to 13 years in prison for his role in the data theft, in which information on 200 million U.S. citizens was accessed.

      Experian has also suffered from a significant volume of data breaches, according to Jake Kouns, chief information security officer of Risk Based Security.

      “Prior to this latest issue, we have tracked 103 previous data breaches at Experian, making them the most breached company of all time,” Kouns told eWEEK. “It is very unfortunate that the company many consumers trust to monitor their most personal information still does not have a proper information security program in place.”

      Bobby Kuzma, systems engineer at Core Security, told eWEEK that for the T-Mobile breach, Experian appears to be following its own recommendations, outlined in a Data Breach Response Guide for what to do in the case of a data breach.

      “I’m not surprised by how long the attackers were in Experian’s systems. These multiple-year breaches are sadly still the norm.” Kuzma told eWEEK. “I don’t believe this breach is going to substantially increase the threats of identity theft, but that isn’t saying much, since despite our best efforts, it still remains trivially easy to steal identities.”

      Multiple security experts contacted by eWEEK were shocked by the fact that data that was supposedly encrypted by Experian is at risk, since it was somehow decrypted.

      “It blows my mind not that attackers got to the data—but that they can decrypt it,” JP Bourget, CEO and founder of Syncurity, told eWEEK. “The big thing Experian has done wrong is not implement encryption correctly. This is inexcusable.”

      Confidential and personal data that is exchanged between business partners needs to be handled with hyper-secure methods, added Craig Lurey, CTO and co-founder of Keeper Security.

      “If data is leaked, the hackers should not have been able to decrypt it—if the method of encryption used was strong and implemented correctly,” Lurey told eWEEK.

      Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.

      Sean Michael Kerner
      Sean Michael Kerner is an Internet consultant, strategist, and contributor to several leading IT business web sites.

      MOST POPULAR ARTICLES

      Android

      Samsung Galaxy XCover Pro: Durability for Tough...

      Chris Preimesberger - December 5, 2020 0
      Have you ever dropped your phone, winced and felt the pain as it hit the sidewalk? Either the screen splintered like a windshield being...
      Read more
      Cloud

      Why Data Security Will Face Even Harsher...

      Chris Preimesberger - December 1, 2020 0
      Who would know more about details of the hacking process than an actual former career hacker? And who wants to understand all they can...
      Read more
      Cybersecurity

      How Veritas Is Shining a Light Into...

      eWEEK EDITORS - September 25, 2020 0
      Protecting data has always been one of the most important tasks in all of IT, yet as more companies become data companies at the...
      Read more
      Big Data and Analytics

      How NVIDIA A100 Station Brings Data Center...

      Zeus Kerravala - November 18, 2020 0
      There’s little debate that graphics processor unit manufacturer NVIDIA is the de facto standard when it comes to providing silicon to power machine learning...
      Read more
      Apple

      Why iPhone 12 Pro Makes Sense for...

      Wayne Rash - November 26, 2020 0
      If you’ve been watching the Apple commercials for the past three weeks, you already know what the company thinks will happen if you buy...
      Read more

      eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site’s focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Advertisers

      Advertise with TechnologyAdvice on eWeek and our other IT-focused platforms.

      Advertise with Us

      Menu

      • About eWeek
      • Subscribe to our Newsletter
      • Latest News

      Our Brands

      • Privacy Policy
      • Terms
      • About
      • Contact
      • Advertise
      • Sitemap
      • California – Do Not Sell My Information

      Property of TechnologyAdvice.
      © 2021 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×