On Thursday, T-Mobile revealed that Experian, a third-party used for customer credit checks, had been breached. As part of the breach, 15 million T-Mobile customers had their personal data stolen from the company. The theft affected customer data ranging back two years, from September 2013 through September 2015.
The stolen data included names, addresses and birth dates, as well as encrypted social security numbers and ID numbers (such as driver’s license or passport number). The company notes that no credit card numbers or bank account information was taken. Whilst the more sensitive data was encrypted, the company states that this encryption may have been compromised by the attackers, but does not mention the type of encryption used or why this might be the case.
T-Mobile CEO John Legere had the following to say in a statement:
Obviously I am incredibly angry about this data breach and we will institute a thorough review of our relationship with Experian, but right now my top concern and first focus is assisting any and all consumers affected.
T-Mobile is making it very clear that this is a breach of Experian only and that they are solely to blame for the theft of this data. As mentioned in the FAQ, "Experian has taken full responsibility for the theft of data from its server."
Experian is offering affected customers two years of free credit monitoring and ‘identity resolution services.’
Can I get free credit monitoring services, even if I’m not sure?
Absolutely. We want any T-Mobile customer or applicant for service who might be concerned to be able to get the free credit monitoring and identity restoration services Experian is offering at www.protectmyID.com/securityincident. Just go there and sign up for free.
Experian is far from the first company to be involved in this type of breach, as we have seen over the past few years, these type of events are only becoming more common.