T-Mobile CEO John Legere pulled no punches expressing his disgust over a hack yesterday at its credit vendor Experian that compromised the personal information of about 15 million T-Mobile customers and applicants, and rightly so according to industry insiders who believe T-Mobile's image now may be badly tarnished through no fault of its own.
The breach affected all those who signed up for a T-Mobile account between Sept. 1, 2013, and Sept. 16, 2015, with unauthorized access being gained to customer's names, birth date, addresses and social security numbers, according to a statement by Experian North Armerica CEO Craig Boundy. He added that the breach did not impact any other aspect of Experian's business and that the server in question has been secured.
“It will be interesting to see the fallout. T-Mobile got a pretty bad black eye and I believe will seek some kind of restitution from Experian and I would not be surprised if there is a class action suit from the victims,” Chris Ensey, COO of Dunbar Cybersecurity, told SCMagazine.com.
Legere stated in a release that T-Mobile will conduct a thorough review of the company's relationship with Experian.
The other major issue the companies are dealing with is what threat is being faced by the customers involved. T-Mobile and Experian are offering free credit monitoring services to those affected, but Ensey and others expressed doubt that such action will benefit the victims.
“This is not a really legitimate tool anymore,” he said, instead suggesting the companies tell the people how to protect their information by freezing their credit.
“It's become commonplace to offer credit monitoring to victims of a data privacy breach, but other attacks could fall outside the monitored time period,” said data loss prevention expert Gord Boyce, CEO of FinalCode, to SCMagazine.com via email Friday.
Avivah Litan, a vice president and distinguished analyst with the research firm Gartner, said to SCMagazine.com that while identity theft is a concern, she believes the information taken will be used for a possibly even darker purpose.