A massive T-Mobile hack that impacts as many as 15 million actually stems from an Experian Data Breach, not a hack into T-Mobile’s network, but it still puts the personal information of many T-Mobile customers at risk.
Announcements outline unauthorized access to the personal data of users who bought a new phone in early September through T-Mobile with a credit check involved.
While many consumers man consider T-Mobile hacked, the intrusion was on Experian’s network. This is something T-Mobile made clear in the announcement, and the company is standing behind customers with offers free credit monitoring.
According to the Experian statement on the matter unauthorized access included, “access to a server that contained personal information for consumers who applied for T-Mobile USA,” which is why you are hearing about a T-Mobile hack more than you are about the Experian data breach part of this event.
T-Mobile John Legere issued a statement Thursday addressing the T-Mobile hack that took place on Experian’s network.
Legere states, “Obviously I am incredibly angry about this data breach and we will institute a thorough review of our relationship with Experian, but right now my top concern and first focus is assisting any and all consumers affected. I take our customer and prospective customer privacy VERY seriously. This is no small issue for us. I do want to assure our customers that neither T-Mobile’s systems nor network were part of this intrusion and this did not involve any payment card numbers or bank account information.”
If you are a T-Mobile customer, here are the facts you need to know about the T-Mobile hack and Experian Data Breach
Am I Part of the T-Mobile Hack?
In short, if you applied for T-Mobile service or used the carrier to finance a new phone or tablet between September 1st and September 16th you are potentially part of this hack.
Experian explains, “this incident may have impacted individuals who applied for service at T-Mobile USA, Inc. from Sept. 1, 2013 through Sept. 16, 2015. If you applied for postpaid service or financed a device during that time period, you could be impacted.”
If you purchased, or initiated the purchase of a new phone during this period you may be a part of this group. The iPhone 6s pre-orders started on September 12th, and if you financed the device through T-Mobile you may be part of this hack.
What Did the Hackers Get?
The Experian Data Breach allowed attackers to gain access to a range of information about the customers who purchased a phone during this period. Experian outlines the following information as potentially compromised:
- Social Security number
- Date of birth
- Identification number (typically a driver’s license, military ID, or passport number)
- Additional information used in T-Mobile’s own credit assessment
On a T-Mobile FAQ, the company explains that although SSN were protected with encryption, it may not have helped. T-Mobile shares, “Experian determined that, although Social Security and identification numbers were encrypted, the encryption may have been compromised”
The credit or debit card you used to make a purchase and bank account information was not compromised.
Is My Identity Stolen?
With the information that is compromised one of the important questions many users are asking is if their data is being used to steal their identity. Experian explains that the data obtained through this hack, “could lead to an increased risk of identity theft.”
At this time there is, “no evidence that the data has been used inappropriately,” according to Experian. There are steps you can take to protect your ID.
What Can I Do About the T-Mobile Hack?
- Visiting www.ProtectMyID.com/SecurityIncident
- Calling 866-369-0422 to get the assistance they need in understanding their options.
- Sending an email with questions to firstname.lastname@example.org
Experian will notify users impacted by mail, before November 30th. Legere states, Anyone concerned that they may have been impacted by Experian’s data breach can sign up for two years of FREE credit monitoring and identity resolution services,” regardless of receiving a notice.
What are Experian & T-Mobile Doing?
T-Mobile outlines five steps that Experian took after the breach, including working with authorities. These steps are below, but nothing can put information back on the server.
- ensuring web application firewalls are working as intended
- enhancing security of encryption keys
- limiting authorized access to the server
- engaging U.S. and international law enforcement and cybercrime authorities
- increased monitoring of the affected servers and associated systems
T-mobile CEO John Legere writes, “Obviously I am incredibly angry about this data breach and we will institute a thorough review of our relationship with Experian,” but for now the focus is on helping customers.