Home Tags Posts tagged with "t mobile data breach"

t mobile data breach

0

The Public Interest Research Group (PIRG), which is backed by 28 other bodies, has called for a Federal investigation into Experian, following a major hack at the credit database company.

Experian claims personal data on 15 million T-Mobile customers was stolen in the breach.

However, the PIRG fears the hack may have extended to the rest of Experian’s credit database.

This holds personal information about some 200 million Americans, it said.

“A data security breach that affected Experian’s credit report files would be a terrifying and unmitigated disaster,” it added.Experian hack attack investigation

The Experian breach occurred at Decisioning Solutions, a subsidiary of the credit agency which T-Mobile uses to process information on subscribers.

Names, birth dates and social security numbers were among data stolen, but not financial details, the firms said.

Experian has said the business was “completely separate” from its main credit bureau business, which was “not affected”.

However, in a statement, PIRG’s consumer program director, Ed Mierzwinski, urged both the Consumer Financial Protection Bureau and the Federal Trade Agency to investigate whether other Experian databases had been breached.

He said: “If the server holding the T-Mobile files was subject to fewer security protections than the full Experian credit reporting database, why?

“If it was subject to the same protections as the credit reporting server, doesn’t this raise the troubling possibility that the server holding highly sensitive credit and personal information of over 200 million Americans is vulnerable to a data hack by identity thieves?”

Prominent cybercrime journalist Brian Krebs has also raised concerns about Experian’s internal data protection policies.

In a blog, published on October 8, Brian Krebs claimed to have interviewed “half a dozen security experts” who recently left Experian frustrated with its approach.

“Nearly all described Experian as a company fixated on acquiring companies in the data broker and analytics technology space, even as it has stymied efforts to improve security and accountability at the firm,” he said.

Experian data has been breached before – such as in 2012, when an attack on an Experian subsidiary exposed social security numbers of 200 million Americans.

This prompted an investigation by at least four states, including Connecticut.

Commenting on PIRG’s campaign, an Experian spokesman said: “Experian understands the concerns raised and we are prepared to respond promptly to requests from regulatory agencies for more details about the incident.”

He added: “Security is a top priority for the company, and Experian is committed to continuous investments in upgrading talent, processes, and technologies needed to protect our systems.”

He also said the Experian had invested of “tens of millions of dollars” in the last three years to strengthen its security.

A number of lawsuits seeking class action status are under way against T-Mobile and Experian, on behalf of victims affected by the breach.

Hackers accessed the social security numbers, birthdates and other personal information belonging to about 15 million T-Mobile wireless customers and applicants, credit reporting agency Experian said on October 1.

The breach was at a unit of Experian, which T-Mobile uses to process information on subscribers.

Experian said T-Mobile customers who applied for wireless service between September 1, 2013 and September 16, 2015 may have had their information stolen.

Names, birth dates and social security numbers are among data stolen, but not financial details, the companies said.

T-Mobile CEO John Legere said his company would review its link with Experian.

“Obviously I am incredibly angry about this data breach,” he said.T Mobile customer data hacked

In a statement, John Legere said: “I take our customer and prospective customer privacy very seriously. This is no small issue for us.

“I do want to assure our customers that neither T-Mobile’s systems nor network were part of this intrusion and this did not involve any payment card numbers or bank account information.

“Experian has assured us that they have taken aggressive steps to improve the protection of their system and of our data.”

Experian North America chief executive Craig Boundy said in his own statement: “We sincerely apologize for the concern and stress that this event may cause.”

It was unclear when the breach was discovered, but Experian said the matter was reported to the authorities immediately after it learned of the hack.

Experian said in a statement: “We continue to investigate the theft, closely monitor our systems, and work with domestic and international law enforcement. Investigation of the incident is ongoing.

“Experian is notifying the individuals who may have been affected and is offering free credit monitoring and identity resolution services for two years. In addition, government agencies are being notified as required by law.”

Experian said there “is no evidence that the data has been used inappropriately”.

There have been a string of high-profile hacks of businesses and other organizations in recent years affecting millions of people, including adultery website Ashley Madison, Sony Pictures, and retailers such as Home Depot, Target, and eBay.

T-Mobile is now the third biggest mobile company in the US, having surpassed Sprint this year.