North American mobile phone operator T-Mobile have announced that 15 million customers and potential customers have had their personal information breached. The breach, affecting Experian servers holding T-Mobile information, was discovered on the 15th September but only reported recently.
The Experian investigation into the breach determined that individuals who had applied for service between September 2013 and September 2015 were likely to be affected, and have begun contacting those who they believe were affected.
It has been confirmed that the information accessed during the breach included names, addresses, birthdates and social security numbers. The data had been encrypted, although it is likely the encryption had been compromised as part of the attack. Experian and T-Mobile have both stressed that no credit card or bank account information had been accessed.
Following the breach, Experian are offering two years of free credit monitoring and identity resolution services through their identity theft protection service ‘ProtectMyID’, and have offered the following advice to customers:
- Always remain vigilant against threats of ID theft or fraud.
- If you suspect you are a victim of identity theft or fraud, you have the right to file and obtain a copy of the police report.
- Be alert to “phishing” by someone who acts like a colleague or friend and requests sensitive information over email, such as passwords, social security numbers, or bank account numbers. (Note: Experian or T- Mobile will NOT ask for sensitive information over email.)
- Consider placing a fraud alert or security freeze on your credit file.
In an open letter posted on the T-Mobile website, CEO John J. Legere expressed his anger at the breach and promised to ‘institute a thorough review of our relationship with Experian’.
T-Mobile UK customers, now EE customers, have been unaffected by the breach.