Carrier 15 million T-Mobile customers just had their personal data stolen by hackers

[anarche]

If you're a T-Mobile customer, heads up: If you applied for device financing or service from the company anytime in the last two years, your personal information might have been leaked to hackers.

T-Mobile says as many as 15 million people may have been affected by the data breach, an attack that didn't compromise T-Mobile's own systems but rather those of its credit partner — the data vendor and credit bureau Experian.

Experian says no credit card or banking data was stolen as part of the attack, which began in September 2013 and wasn't discovered until two years later, on Sept. 15.
​

Washington Post

 

[Lobwedgephil]

Yikes.

 

[perkedel]

so Experian got hacked?

 

[wesk702]

The title of this article just makes this situation just a speck in comparison to all parties Experian is affiliated with. Hope I'm reading this wrong.

 

[JackieInCo]

T-Mobile is unfortunate to be connected with Experian. It's not T-Mobiles fault in any way.

 

[yg17]

Yay, that includes me. I would love to see jail time for these cheap ass executives who give their info security contracts to the lowest bidder and then get hacked. If we're not going to be able to jail the hackers (because they're probably in China or Russia or some 3rd world craphole that would never prosecute them if caught), then we should jail the bean counters who leave the door to sensitive customer information wide open.

so Experian got hacked?

Yes, but possibly systems they own and control that are dedicated to T-Mobile, so that's why only T-Mobile's associated with this. But it seems 100% their fault.

 

[SisterBlue22]

I would love to see jail time for these cheap ass executives who give their info security contracts to the lowest bidder and then get hacked.

You do understand that Experian is one of the three credit reporting companies, along with TransUnion and Equifax, right? Not some fly by night "lowest bidding" company?

 

[yg17]

You do understand that Experian is one of the three credit reporting companies, along with TransUnion and Equifax, right? Not some fly by night "lowest bidding" company?

Yes, I understand that very well. I'm saying that when it came to information security, they cheaped out and ended up with this. That's what happened at Target, Home Depot, Michaels, Ashley Madison, Anthem, TJ Maxx and tall these other companies. They go with the low bidder for their IT and get burned, and it ends up costing them a lot more in damages and bad PR than if they just properly secured their **** in the first place.

I used to work for one of the major wireless companies in the US, a massive company, hardly a fly by night "lowest bidding" company and they've been offshoring all kinds of work to all corners of the earth and it's probably a matter of time until their name comes up in a data breach article. No offense to the good people of India, but their developers and IT professionals 2 years out of college aren't as good as the guys in the US who have 20 years of experience. Especially when the guys in India are making pennies on the dollar and got no training from the onshore people they replaced because the onshore people spent their last 60 days on the payroll trying to find a new job rather than train their replacements.

But in the short term, hey, it looks good. Money is saved. Stockholders are happy. Already millionaire execs get a bigger bonus and can brag about how they purchased the 2,000th Lamborghini Aventador while in the meantime people at the company are losing their jobs to underqualified contractors because budget. Oops, did I just give enough information there to find out who my former employer is? **** them.

 

[SisterBlue22]

Yes, I understand that very well. I'm saying that when it came to information security, they cheaped out and ended up with this. That's what happened at Target, Home Depot, Michaels, Ashley Madison, Anthem, TJ Maxx and tall these other companies. They go with the low bidder for their IT and get burned, and it ends up costing them a lot more in damages and bad PR than if they just properly secured their **** in the first place.

What are your sources in saying that Target, Home Depot, et al chose the lowest bidder for their IT needs? Do you have insider information on the business decision process of all of those companies? Do you think hackers choose to hack only companies who chose the lowest bidders? How would they know? You stated your post as if it was fact and I wonder how you'd know those "facts". Just curious.

 

[Newtons Apple]

You people might as well get used to it. Our data was compromised years ago.

 

[DoofenshmirtzEI]

Target was using some rather nice intrusion detection software. And then promptly ignored its warnings.

 

[Dtrip]

If you're a T-Mobile customer, heads up: If you applied for device financing or service from the company anytime in the last two years, your personal information might have been leaked to hackers.

T-Mobile says as many as 15 million people may have been affected by the data breach, an attack that didn't compromise T-Mobile's own systems but rather those of its credit partner — the data vendor and credit bureau Experian.

Experian says no credit card or banking data was stolen as part of the attack, which began in September 2013 and wasn't discovered until two years later, on Sept. 15.
​

Washington Post

I think the comment about "discovered 2 years later" is a little inaccurate. Experian claims it was an "isolated incident over a short period of time", which indicates to me that it happened fairly recently. According to T-Mobile's account of the issue, Experian is required by law to keep our credit records for 25 months, which indicate why the historical effectiveness of the alert date back 2 years ago. It appears it was a recent breach, acquiring historical data from previous 25 months of stored transactions.