Experian Data Breach Follow-up

This is a follow-up to the Experian Data Breach that we covered here.

Per Bloomberg (2015), “T-Mobile US Inc. and a unit of credit-tracking firm Experian Plc are facing a growing list of lawsuits after hackers gained access to personal data on 15 million T-Mobile customers held on Experian servers.” The amount of information required for credit checking and reporting makes this data breach more harmful than many others. This is leading cyber security advocates, The National Consumer Law Center, and affected parties to urge the federal government to conduct an investigation (MarketWatch, 2015).

No other technical details are known at this time.

Experian Apologizes

Craig Boundy, chief executive of Experian North America, said in a statement: “We take privacy very seriously and we understand that this news is both stressful and frustrating. We sincerely apologize for the concern and stress that this event may cause.” (Orange County Register, 2015)

T-Mobile’s CEO’s Letter to Consumers Regarding the Experian Data Breach

“Obviously I am incredibly angry about this data breach and we will institute a thorough review of our relationship with Experian, but right now my top concern and first focus is assisting any and all consumers affected. I take our customer and prospective customer privacy VERY seriously. This is no small issue for us. I do want to assure our customers that neither T-Mobile’s systems nor network were part of this intrusion and this did not involve any payment card numbers or bank account information” (T-Mobile, 2015).

Our Analysis

It seems as if this is an indicator that the information from the Experian Data Breach is already for sale on the “Dark Net.” The damage control for this will take years, if not decades. Some people will never recover from this. Oddly enough, Experian offered THEIR OWN CREDIT MONITORING SERVICE free to affected customers. Per eSecurity Planet (2015), they are still making the offer under the ProtectmyID banner. This seems counterintuitive. How can an organization monitor the credit of all these users and tell them in good faith when an issue occurs, when it couldn’t monitor and manage the security of the server(s) used for T-Mobile credit checking?

There is more to come on this for sure. I think we are just touching the tip of the proverbial iceberg. We will likely see a rise in identity theft, attacks on other credit reporting/checking services, and attempted attacks on TransUnion and Equifax.

Other High Profile Data Breaches:

Dow Jones
Scottrade
Trump Hotels
Tesla and Chrysler (unrelated to each other)
Apple App Store
U.S. Office of Personnel Management (OPM)
Kaspersky & FireEye (unrelated to each other)
Excellus Blue Cross Blue Shield
Ashley Madison
Ashley Madison (follow up)

Thanks for stopping by and reading our blog. We would appreciate it if you could subscribe (assuming you like what you read; we think you will). This is meant to be informative and to provide value to anyone who reads this, regardless of their knowledge and/or understanding of IT/Cybersecurity. To learn more about us, check out our “About Us” page.

Be sure to subscribe to this blog and to our Podcast.

References

Bloomberg
Orange County Register
The National Consumer Law Center (PDF of letter sent to the U.S. Federal Trade Commission and Consumer Financial Protection Bureau)
T-Mobile’s CEO’s Letter to Consumers
eSecurity Planet


About Joe Gray

Joe Gray is a native of East Tennessee. He joined the U.S. Navy directly out of High School and served for 7 years as a Submarine Navigation Electronics Technician. Since leaving the Navy, Joe has lived and worked in St. Louis, MO, Richmond, VA, and Atlanta, GA. His primary experience is in the Information Assurance (IA) and Cyber Security compliance field. He has worked as a Systems Engineer, Information Systems Auditor, Senior UNIX Administrator, Information Systems Security Officer, and Director of IT Security. Joe is in pursuit of his PhD in Information Technology (with focus in Information Assurance and Security). His undergraduate and graduate degrees are also in Information Technology (with focus in Information Assurance and Security) from Capella University, where he graduated Summa Cum Laude for both degrees and completed a Graduate Certificate in Business Intelligence. He also is a part-time (Adjunct) Faculty at Georgia Gwinnett College. Joe holds the (ISC)² CISSP-ISSMP, GIAC GSNA, CompTIA Security+, CompTIA Network+, and CompTIA A+ certifications. In his spare time, Joe enjoys reading news relevant to information security, blogging, bass fishing, and flying his drone in addition to tinkering with and testing scripts in R and Python.