http://arstechnica.com/security/2015/10/highly-personal-data-for-15-million-t-mobile-applicants-stolen-by-hackers/
By Dan Goodin
Ars Technica
Oct 1, 2015
Hackers broke into a server and made off with names, driver license
numbers, and other personal information belonging to more than 15 million
US consumers who applied for cellular service from T-Mobile.
The breach was the result of an attack on a database maintained by
credit-reporting service Experian, which was contracted to process credit
applications for T-Mobile customers, T-Mobile CEO John Legere said in a
statement posted online. The investigation into the hack has yet to be
completed, but so far the compromise is known to affect people who applied
for T-Mobile service from September 1, 2013 through September 16 of this
year. It's at least the third data breach to affect Experian disclosed
since March 2013.
"Obviously I am incredibly angry about this data breach and we will
institute a thorough review of our relationship with Experian, but right
now my top concern and first focus is assisting any and all consumers
affected," Legere wrote. "I take our customer and prospective customer
privacy VERY seriously. This is no small issue for us. I do want to assure
our customers that neither T-Mobile’s systems nor network were part of
this intrusion and this did not involve any payment card numbers or bank
account information."
According to a FAQ posted by Experian, the breach involved an Experian
server storing data for people who applied for T-Mobile USA postpaid
services. Company officials discovered the unauthorized access on
September 15. The records contained names, addresses, social security
numbers, birth dates, and passport numbers, military IDs, or driver
license numbers. Experian said the social security and ID numbers were
encrypted but that company investigators have determined the encryption
may have been compromised.
[...]
--
Evident.io - Continuous Cloud Security for AWS.
Identify and mitigate risks in 5 minutes or less.
Sign up for a free trial @ https://evident.io/
