Hackers broke into a server and made off with names, driver license numbers, and other personal information belonging to more than 15 million US consumers who applied for cellular service from T-Mobile.
The breach was the result of an attack on a database maintained by credit-reporting service Experian, which was contracted to process credit applications for T-Mobile customers, T-Mobile CEO John Legere said in a statement posted online. The investigation into the hack has yet to be completed, but so far the compromise is known to affect people who applied for T-Mobile service from September 1, 2013 through September 16 of this year.
The records contained names, addresses, social security numbers, birth dates, and passport numbers, military IDs, or driver license numbers. Experian said the social security and ID numbers were encrypted but that company investigators have determined the encryption may have been compromised.
People whose data was exposed are eligible to receive two years of free credit-monitoring. While the offer may sound generous, security reporter Brian Krebs makes a convincing argument that the value of credit-monitoring is extremely limited. People whose personal data has been exposed are much better off placing a fraud alert on their credit files.
“I am incredibly angry about this data breach and we will institute a thorough review of our relationship with Experian,” said T-Mobile US Inc. CEO John Legere in a statement. Source: Associated Press/Arstechnica