Experian Data Breach Follow-up

This is a follow-up to the Experian Data Breach that we covered here.

Per Bloomberg (2015), “T-Mobile US Inc. and a unit of credit-tracking firm Experian Plc are facing a growing list of lawsuits after hackers gained access to personal data on 15 million T-Mobile customers held on Experian servers.” The amount of information required for credit checking and reporting is making this data breach more harmful than many others. This is leading cyber security advocates, The National Consumer Law Center, and affected parties to urge the Federal government to conduct an investigation (MarketWatch, 2015).

No other technical details are known at this time.

Experian Apologizes

Craig Boundy, chief executive of Experian North America, said in a statement: “We take privacy very seriously and we understand that this news is both stressful and frustrating. We sincerely apologize for the concern and stress that this event may cause.” (Orange County Register, 2015)

T-Mobile’s CEO’s Letter to Consumers Regarding the Experian Data Breach

“Obviously I am incredibly angry about this data breach and we will institute a thorough review of our relationship with Experian, but right now my top concern and first focus is assisting any and all consumers affected. I take our customer and prospective customer privacy VERY seriously. This is no small issue for us. I do want to assure our customers that neither T-Mobile’s systems nor network were part of this intrusion and this did not involve any payment card numbers or bank account information” (T-Mobile, 2015).

Our Analysis

It seems as if this is an indicator that the information from the Experian Data Breach is already for sale on the “Dark Net.” The damage control for this will take years, if not decades. Some people will never recover from this and, oddly enough, Experian offered THEIR OWN CREDIT MONITORING SERVICE for free to affected customers. Per eSecurity Planet (2015), they are still making the offer under the ProtectMyID banner. This seems counterintuitive. How can an organization monitor the credit of all these users and tell them in good faith when an issue occurs, when it couldn’t monitor and manage the security of the server(s) used for T-Mobile credit checking?

There is more to come on this for sure. I think we are just touching the tip of the proverbial iceberg. We will likely see a rise in identity theft, attacks on other credit reporting/checking services, and attempted attacks on TransUnion and Equifax.

Other High Profile Data Breaches:

Dow Jones
Trump Hotels
Tesla and Chrysler (unrelated to each other)
Apple App Store
U.S. Office of Personnel Management (OPM)
Kaspersky & FireEye (unrelated to each other)
Excellus Blue Cross Blue Shield
Ashley Madison
Ashley Madison (follow up)

Orange County Register
The National Consumer Law Center (PDF of letter sent to the U.S. Federal Trade Commission and Consumer Financial Protection Bureau)
T-Mobile’s CEO’s Letter to Consumers
eSecurity Planet

About Joe Gray

Joe Gray joined the U.S. Navy directly out of High School and served for 7 years as a Submarine Navigation Electronics Technician. Joe is currently a Senior Security Architect and maintains his own blog and podcast called Advanced Persistent Security. In his spare time, Joe enjoys attending information security conferences, contributing blogs to various outlets, training in Brazilian Jiu Jitsu (spoken taps out A LOT!), and flying his drone. Joe is the inaugural winner of the DerbyCon Social Engineering Capture the Flag (SECTF) and was awarded a DerbyCon Black Badge. Joe has contributed material for the likes of AlienVault, ITSP Magazine, CSO Online, and Dark Reading.