Information Security News mailing list archives

Previous By Date Next
Previous By Thread Next

Highly personal data for 15 million T-Mobile applicants stolen by hackers

From: InfoSec News <alerts () infosecnews org>
Date: Fri, 2 Oct 2015 11:03:31 +0000 (UTC)
http://arstechnica.com/security/2015/10/highly-personal-data-for-15-million-t-mobile-applicants-stolen-by-hackers/

By Dan Goodin
Ars Technica
Oct 1, 2015
Hackers broke into a server and made off with names, driver license numbers, and other personal information belonging to more than 15 million US consumers who applied for cellular service from T-Mobile.
The breach was the result of an attack on a database maintained by credit-reporting service Experian, which was contracted to process credit applications for T-Mobile customers, T-Mobile CEO John Legere said in a statement posted online. The investigation into the hack has yet to be completed, but so far the compromise is known to affect people who applied for T-Mobile service from September 1, 2013 through September 16 of this year. It's at least the third data breach to affect Experian disclosed since March 2013.
"Obviously I am incredibly angry about this data breach and we will institute a thorough review of our relationship with Experian, but right now my top concern and first focus is assisting any and all consumers affected," Legere wrote. "I take our customer and prospective customer privacy VERY seriously. This is no small issue for us. I do want to assure our customers that neither T-Mobile’s systems nor network were part of this intrusion and this did not involve any payment card numbers or bank account information."
According to a FAQ posted by Experian, the breach involved an Experian server storing data for people who applied for T-Mobile USA postpaid services. Company officials discovered the unauthorized access on September 15. The records contained names, addresses, social security numbers, birth dates, and passport numbers, military IDs, or driver license numbers. Experian said the social security and ID numbers were encrypted but that company investigators have determined the encryption may have been compromised. 

[...]


--
Evident.io - Continuous Cloud Security for AWS.
Identify and mitigate risks in 5 minutes or less.
Sign up for a free trial @ https://evident.io/
Previous By Date Next
Previous By Thread Next

Current thread: