Hackers steal info from 15 million T-Mobile customers and applicants

The mobile phone company is pointing the finger at credit reporting agency Experian for the security breach.

Mark Lennihan/AP/File
In this Sept. 12, 2012 photo, a man uses a cellphone as he passes a T-Mobilestore in New York.

In a massive data breach, hackers have stolen sensitive information belonging to about 15 million T-Mobile wireless customers and potential customers in the United States, including home addresses, birth dates, and Social Security numbers.

The hackers got the information from credit reporting agency Experian, which T-Mobile uses to check the credit of consumers applying for phone plans and financing devices, The Associated Press reports.

"Upon discovery of the incident, Experian took immediate action, including securing the server, initiating a comprehensive investigation, and notifying U.S. and international law enforcement.," Experian said in a press release.

In an open letter to customers posted on its website. T-Mobile CEO John Legere said that any customers who had joined or attempted to join T-Mobile between September 1, 2013, and September 16, 2015, could be affected by the attack.

Mr. Legere said information that was encrypted may have also been compromised. Encrypted information included Social Security numbers and identification numbers such as a driver's license or passport number used in T-Mobile's own credit assessment.

"Obviously I am incredibly angry about this data breach and we will institute a thorough review of our relationship with Experian, but right now my top concern and first focus is assisting any and all consumers affected," Legere wrote. "I take our customer and prospective customer privacy very seriously. This is no small issue for us. I do want to assure our customers that neither T-Mobile's systems nor network were part of this intrusion and this did not involve any payment card numbers or bank account information."

This is not the first data breach involving a credit reporting agency.

In March 2013, Experian and credit-reporting giants Equifax and TransUnion confirmed that sensitive, personal-identifying information about celebrities and public figures has been taken from their systems, Bloomberg reported.

Nearly 800 data breaches were reported last year by US organizations, according to AP.

No one has yet claimed responsibility for the hack, which is the latest in a string of high-profile cyber attacks on businesses and other organizations in recent years affecting millions of people, including Sony Pictures, eBay and affair-enabling dating site Ashley Madison.

It is not clear what the hackers have done with the stolen T-Mobile data.

“This type of information typically appears for sale on black markets. Hackers then amass the stolen information to build large, searchable databases that make it easy for anyone to steal your identity for a small price. A stolen identity leads to stolen tax refunds, ruined credit and worse,” CNN reports.

In response to the attack, Legere said that T-Mobile would give anyone affected free credit monitoring service for two years.

You've read  of  free articles. Subscribe to continue.

Dear Reader,

About a year ago, I happened upon this statement about the Monitor in the Harvard Business Review – under the charming heading of “do things that don’t interest you”:

“Many things that end up” being meaningful, writes social scientist Joseph Grenny, “have come from conference workshops, articles, or online videos that began as a chore and ended with an insight. My work in Kenya, for example, was heavily influenced by a Christian Science Monitor article I had forced myself to read 10 years earlier. Sometimes, we call things ‘boring’ simply because they lie outside the box we are currently in.”

If you were to come up with a punchline to a joke about the Monitor, that would probably be it. We’re seen as being global, fair, insightful, and perhaps a bit too earnest. We’re the bran muffin of journalism.

But you know what? We change lives. And I’m going to argue that we change lives precisely because we force open that too-small box that most human beings think they live in.

The Monitor is a peculiar little publication that’s hard for the world to figure out. We’re run by a church, but we’re not only for church members and we’re not about converting people. We’re known as being fair even as the world becomes as polarized as at any time since the newspaper’s founding in 1908.

We have a mission beyond circulation, we want to bridge divides. We’re about kicking down the door of thought everywhere and saying, “You are bigger and more capable than you realize. And we can prove it.”

If you’re looking for bran muffin journalism, you can subscribe to the Monitor for $15. You’ll get the Monitor Weekly magazine, the Monitor Daily email, and unlimited access to CSMonitor.com.