The Washington Post reports that T-Mobile’s Credit Partner, Experian, has been breached revealing names, addresses, Social Security numbers, birth dates and driver’s license and passport numbers for any customer who has applied for device financing or even services from T-Mobile which required a credit check. Both parties were quick to point out that no no credit card or banking data was stolen as part of the attack. But as far as I am concerned, that is cold comfort.
The attack started back in September 2013 and was only just discovered on September 16, 2015 which makes me question the security that Experian had in place. Both Experian and T-Mobile have posted statements on their websites and Experian is offering credit for two free years of identity resolution services and credit monitoring in the wake of the breach. That is not much good in my opinion because the bad guys had two years of access to this data.
#fail
This is a textbook example as to why laws need to be passed that hold companies who get pwned responsible for being pwned. Otherwise, companies will not take the security of their environments and their customers data seriously. Plus, all you’ll get in situations like these is a half hearted insecure “we’re sorry” and free credit monitoring which is not nearly good enough to make up for this sort of mess.
UPDATE: Experian has been pwned before. Earlier this year, a Vietnamese man was sentenced to 13 years in prison for running an online identity theft service that pulled consumer data directly from an Experian subsidiary. Experian is now fighting off a class-action lawsuit over the incident. Sounds to me like they need a very hard smack from lawmakers.
Related
This entry was posted on October 2, 2015 at 12:01 pm and is filed under Commentary with tags Hacked, Security. You can follow any responses to this entry through the RSS 2.0 feed.
You can leave a response, or trackback from your own site.
Experian Breached, Data From 15 Million Customers Of T-Mobile Customers Now Out There [UPDATED]
The Washington Post reports that T-Mobile’s Credit Partner, Experian, has been breached revealing names, addresses, Social Security numbers, birth dates and driver’s license and passport numbers for any customer who has applied for device financing or even services from T-Mobile which required a credit check. Both parties were quick to point out that no no credit card or banking data was stolen as part of the attack. But as far as I am concerned, that is cold comfort.
The attack started back in September 2013 and was only just discovered on September 16, 2015 which makes me question the security that Experian had in place. Both Experian and T-Mobile have posted statements on their websites and Experian is offering credit for two free years of identity resolution services and credit monitoring in the wake of the breach. That is not much good in my opinion because the bad guys had two years of access to this data.
#fail
This is a textbook example as to why laws need to be passed that hold companies who get pwned responsible for being pwned. Otherwise, companies will not take the security of their environments and their customers data seriously. Plus, all you’ll get in situations like these is a half hearted insecure “we’re sorry” and free credit monitoring which is not nearly good enough to make up for this sort of mess.
UPDATE: Experian has been pwned before. Earlier this year, a Vietnamese man was sentenced to 13 years in prison for running an online identity theft service that pulled consumer data directly from an Experian subsidiary. Experian is now fighting off a class-action lawsuit over the incident. Sounds to me like they need a very hard smack from lawmakers.
Share this:
Like this:
Related
This entry was posted on October 2, 2015 at 12:01 pm and is filed under Commentary with tags Hacked, Security. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.