A data breach targeting Experian, the world’s biggest credit monitoring firm has resulted in the compromise of over 15 million T-Mobile customers and other users who applied for T-Mobile service.
Experian North America issued a press release that confirmed that one of its business units was the target of an unauthorized breach by attacker(s), leading to the compromise of personal details of some 15 million users in the U.S.
Affected users include those who applied for T-Mobile’s postpaid services or financing between September 1, 2013, and September 16, 2015.
Related article: UCLA Hacked, Data Breach Affects 4.5 Million Victims
The data breach contains the leak of personal information such as:
- Social Security number
- Personal ID (Driver’s license or passport number)
In a public post on the company’s website, T-Mobile CEO John Legere said:
“We have been notified by Experian, a vendor that processes our credit applications, that they have experienced a data breach. The investigation is ongoing, but what we know right now is that the hacker acquired the records of approximately 15 million people.”
He went on to say:
“Obviously I am incredibly angry about this data breach and we will institute a thorough review of our relationship with Experian, but right now my top concern and first focus is assisting any and all consumers affected.
“I take our customer and prospective customer privacy VERY seriously.”
Experian North America has stated that federal and international law enforcement authorities have been notified of the incident. Additionally, there is no evidence, yet, of any misuse of the breached data, according to the credit application vendor.
Experian had previously experienced a data breach when an attack targeting a subsidiary of Experian began before its acquisition by the credit monitoring firm in 2012. The breach exposed some 200 million Americans’ social security numbers.
Related article: Comcast Slapped with a $33 Million Fine over Data Breach
The current breach occurred about a fortnight ago and was discovered two days after the initial intrusion. The compromised server was secured immediately after discovery and affected customers were notified by the company, according to an Experian spokeswoman. She also added that the State Attorneys’ General will also be notified of the breach.
Experian has also offered two years’ worth of credit monitoring for free, to all those who are compromised. Several users took to Twitter to scoff at the option of credit protection from a credit monitoring firm that was breached by hackers.
Legere responded to the suggestion by adding:
A more detailed account of the incident can be found here.