An Irish security firm has noticed vast amounts of user data sold on the dark web, alleging that is likely the same data breached from Experian’s server belonging to nearly 15 million T-Mobile customers.
An Irish cyber security firm Trustev has picked up on data listings pinned on the dark web that the firm believes was taken from the Experian breach involving millions of T-Mobile customers, reports VentureBeat.
A spokesman for the security firm told the publication:
“This morning they saw listings go up for FULLZ data that matches the same types of information that just came out of the Experian hack.”
“FULLZ” is slang for a full package and used by data brokers and hackers while selling the complete package of an individual’s or group’s personal identifying information. A full data package includes name, date of birth, account numbers, social security numbers, contact details, and other data.
While the listing does not mention T-Mobile or Experian specifically, Trustev notes that it is “extremely likely” that the data being sold is from the breach.
“Once fraudsters get their hands on data, they typically unload it very quickly,” the spokesman added.
“So like I said, it’s not definitely T-Mobile/Experian, but it’s extremely likely considering the type of data and timing.”
Related article: Hackers Breach Data of 15 Million T-Mobile Customers
Experian, the world’s biggest credit monitoring is also among the largest data brokers in the world. Entire swarms of personalized data from millions of people around the world are looked into, amassed and sold to the highest bidder.
Experian states that no payment or credit card data was breached in the incident, and the new listing on the dark web does not show any such records.
“Records containing a name, address, Social Security number, date of birth, identification number (typically a driver’s license, military ID, or passport number) and additional information used in T- Mobile’s own credit assessment were accessed,” read a statement elaborating on the breach on Experian’s website.
The breach of personal information included those of T-Mobile customers who applied for the carrier’s postpaid services or financing between September 2013 and September 2015.