T-Mobile admits up to 15 million users affected by Experian data breach

[Jeffrey Walton <noloader () gmail com>]

Its kind of convenient when Experian contributes to the disease, and
then sells the cure. They are creating their own market through
negligence and allowed to profit from it....

http://www.v3.co.uk/v3-uk/news/2428737/t-mobile-admits-up-to-15-million-users-affected-by-experian-data-breach

US mobile carrier T-Mobile has admitted that up to 15 million customer
records have been compromised following a breach of data at its credit
monitoring vendor Experian.

The breach, which affects consumers who applied for T-Mobile services
between 1 September 2013 and 16 September 2015, resulted in the
exposure of names, addresses and birth dates, along with Social
Security, driving licence and passport numbers.

The data loss has been blamed on compromised encryption, and was
discovered on 15 September. It is now being investigated by federal
and international law enforcement.

John Legere, T-Mobile US chief executive, said he is "incredibly
angry" about the significant loss of data.

"We will institute a thorough review of our relationship with
Experian, but right now my top concern and first focus is assisting
any and all consumers affected. I take our customer and prospective
customer privacy very seriously. This is no small issue for us," he
said.

"I do want to assure our customers that neither T-Mobile's systems nor
network were part of this intrusion and this did not involve any
payment card numbers or bank account information."

Legere added that the 15 million affected people are not all T-Mobile
users, stressing that the total figure is made up of credit applicants
and not just direct customers.

Experian, which has taken full responsibility for the breach, warned
that the stolen data may lead to an increased risk of identity theft.

"Although we have no evidence suggesting your personal information has
been misused, we take our obligation to help you protect your
information very seriously, and deeply regret that this has happened,"
the firm said.

"We encourage all eligible consumers to enrol in the complimentary
identity resolution services we have offered."

Craig Boundy, chief executive of Experian North America, said that his
firm takes data privacy "very seriously".

"We sincerely apologise for the concern and stress that this event may
cause. That is why we're taking steps to provide protection and
support to those affected by this incident and will continue to
coordinate with law enforcement during its investigation," he said.

The breach is the latest in a long line of cyber attacks against
high-profile targets, including the US Office of Personnel Management,
United Airlines and a significant breach in 2014 at banking giant JP
Morgan.

Legere has indicated that T-Mobile will look for an "alternative
option" for customers who do not want to use Experian in the future.
_______________________________________________

NOTE: As of July 10, the mailing list address HAS CHANGED from @linuxbox.org TO @lists.linuxbox.org. Please use the new 
address in all mail to the list.
_______________________________________________

Fun and Misc security discussion for OT posts.
http://lists.linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.