In the annals of what I like to call “Dear John Data Loss Letters,” this one takes the cake.
“Experian North America today announced that one of its business units, notably not its consumer credit bureau, experienced an unauthorized acquisition of information from a server that contained data on behalf of one of its clients, T-Mobile, USA, Inc.,” writes Experian today on its website in a sort-of apology.
The phrase “experienced an unauthorized acquisition of information” is quite elegant, no?
Remarkably, the firm that T-Mobile trusted to vett cell phone service applicants has been raided by hackers, who made away with detailed sets of personal information on 15 million consumers. Criminals stole data covering more than two-year’s worth of applicants, from September 1, 2013 through September 16, 2015.
Experian says the data included names, dates of birth, addresses, and Social Security numbers and/or an alternative form of ID like a drivers’ license number, as well as additional information used in T-Mobile’s own credit assessment.
“Obviously I am incredibly angry about this data breach and we will institute a thorough review of our relationship with Experian, but right now my top concern and first focus is assisting any and all consumers affected,” said T-Mobile CEO John Legere in a statement. He admirably took to Twitter immediately and began answering questions about the incident. Not all victims are current customers, he made clear. Applicants who did not become customers can also be impacted.
Victims can get two free years of credit monitoring, T-Mobile promised — but the offer involves, ironically, ProtectMyID, which is owned by … Experian.
“We’ll have an alternative option tomorrow,” Legere wrote to consumers who complained about the offer of free credit monitoring services T-Mobile promised.
No payment card or banking information was acquired, Experian said. In fact, the data was exposed is could actually cause more trouble for consumers.
Experian also stressed that the hack did not involve its main consumer credit database.
“We take privacy very seriously and we understand that this news is both stressful and frustrating. We sincerely apologize for the concern and stress that this event may cause,” said Craig Boundy, Chief Executive Officer, Experian North America.
For more information, click on Experian’s “Overview” page regarding the incident.