By Jim Finkle
(Reuters) - Experian
Plc , the world's biggest consumer credit monitoring firm, on Thursday
disclosed a massive data breach that exposed sensitive personal data of some 15
million people who applied for service with T-Mobile US Inc .
Connecticut's attorney
general said he will launch an investigation into the breach.
Experian said it
discovered the theft of the T-Mobile customer data from one of its servers on
Sept. 15. The computer stored information about some 15 million people who had
applied for service with telecoms carrier T-Mobile during the prior two years,
Experian said.
T-Mobile Chief
Executive John Legere said the data included names, addresses, birth dates,
Social Security numbers, drivers license numbers and passport numbers. Such
information is coveted by criminals for use in identity theft and other types
of fraud.
"Obviously I am
incredibly angry about this data breach and we will institute a thorough review
of our relationship with Experian," T-Mobile Chief Executive John Legere
said in a note to customers posted on the company's website. "But right
now my top concern and first focus is assisting any and all consumers
affected." (http://t-mo.co/1M4FSSd)
The Experian breach is
the latest in a string of massive hacks that have each claimed millions - and
sometimes tens of millions - of customer records, including the theft of
personnel records from the U.S. government this year, a 2014 breach on JPMorgan
Chase and a 2013 attack on Target Corp's cash register systems.
It is also the second
massive breach linked to Experian. An attack on an Experian subsidiary that
began before Experian purchased it in 2012 exposed the Social Security numbers
of 200 million Americans and prompted an investigation by at least four states,
including Connecticut.
Experian on Thursday
said it had launched an investigation into the new breach and consulted with
law enforcement.
The company offered two
years of credit monitoring to all affected individuals. People, however, said
that they did not want credit protection from a company that had been breached.
Legere responded by
promising to seek alternatives.
"I hear you,"
he said on Twitter. "I am moving as fast as possible to get an alternate
option in place by tomorrow."
Experian said the
breach did not affect its vast consumer credit database.
Legere said no payment
card or banking information was taken.
T-Mobile had nearly 59
million customers as of June 30. A representative for the carrier said that not
all 15 million of the affected applicants had opened accounts with T-Mobile.
The telecom carrier's
shares were down 1.3 percent in extended trading after closing little changed
at $40.13 on the New York Stock Exchange.
In the earlier data
breach affecting Experian, a Vietnamese national confessed in U.S. court last
year to using a false identity to opening an account with the unit, known as
Court Ventures, sometime before Experian purchased it in 2012.
A spokeswoman for
Connecticut Attorney General George Jepsen said on Thursday that it would
investigate the latest attack.
The spokeswoman, Jaclyn
Falkowski, declined to elaborate on the T-Mobile incident, but said the investigations
of the Court Ventures matter "is active and ongoing."
(In 7th and 16th
paragraphs, this version of the story corrects to show that the previous
Experian data breach began before Experian purchased the company in 2012, not
that it occurred in 2014.)
(Reporting by Jim
Finkle; Additional reporting by Karen Friefeld and Arathy Nair; Editing by
Leslie Adler)
No comments:
Post a Comment