Experian, a credit processing vendor, was hacked this week and the bulk of data exposed belonged to T-Mobile and prospective T-Mobile customers. The hackers walked away with full identities, including names, addresses, birthdates, driver's license and passport numbers, and even social security numbers.
Here's what you can do to minimize the fallout.
First, it's important to note that T-Mobile itself was not hacked. T-Mobile's own servers and network were not compromised. T-Mobile has about 59 million subscribers. That means the bulk of T-Mobile's customers are safe. T-Mobile places all the blame on Experian, which took full responsibility.
"Obviously I am incredibly angry about this data breach and we will institute a thorough review of our relationship with Experian," said T-Mobile CEO John Legere, "but right now my top concern and first focus is assisting any and all consumers affected. I take our customer and prospective customer privacy very seriously. This is no small issue for us."
Experian is one of the three major credit-reporting bureaus in the country. It also processes credit applications, among other things.
T-Mobile used Experian to handle customer credit checks. The 15 million records accessed by the hackers belong to people who applied to be T-Mobile customers. Not all the applicants had the credit to actually become T-Mobile customers, so the 15 million total includes current customers and non-customers who applied for service between Sept. 1, 2013 and Sept. 16, 2015. (The law requires that credit application data be held a minimum of 25 months, which is why the records go back so far.)
If you have been a T-Mobile customer since before Aug. 31, 2013, your data is probably safe. Consumers who applied to become T-Mobile in the date range above definitely need to take action.
Experian said it will contact all those impacted by the breach. Don't wait for them to reach out. If you think your data might have been compromised, contact Experian right away. Sign up for credit monitoring and identity resolution services. T-Mobile and Experian are offering impacted customers two years of free coverage through ProtectMyID.com. This service will keep an eye on your credit and help you fix any issues that may arise as a result of the breach.
Be sure to do your own monitoring. Pay attention to your bank statements, credit card bills, phone bills, and other monthly statements to be sure no surprises pop up. If you have any questions, or something odd appears, be sure to contact your credit card and other service providers immediately.
Experian said it is taking some corrective action, even if it is too late in this case. For example, it is ensuring Web application firewalls are working properly, enhancing encryption key security, limiting employee access to servers, increasing monitoring of the impacted servers/systems, and working with US and international law enforcement to chase the culprits.
Sadly, consumers are unable to do anything to prevent these types of hacks and exposures. All we can do is trust that companies are going to do the right thing when they happen. T-Mobile appears to be taking the issue seriously and has been proactive in reaching out to customers. Experian is taking steps to prevent similar attacks down the road and will help people affected by this particular event. Be sure to take advantage of all the help being offered.
If you have any concerns, T-Mobile has set up a FAQ to help provide some answers.