Hackers have made off with personally identifiable information of roughly 15 million T-Mobile customers, and the CEO of the telecom said he’s “incredibly angry” at a third-party company he blames for the data breach.
T-Mobile CEO John Legere announced Thursday that records dating back to 2013 had been compromised by cybercriminals who had managed to hack Experian, an information services group that processes credit checks for his company.
Mr. Legere said specifics concerning the scope of what the hackers had accessed was not immediately clear, but that names, addresses and birthdates of 15 million customers who had undergone credit check for service or device financing between Sept. 1, 2013 and Sept. 16, 2015, appeared to have been stolen.
Social Security numbers that had been protected by encryption were also pilfered, Mr. Legere said.
“Obviously I am incredibly angry about this data breach and we will institute a thorough review of our relationship with Experian, but right now my top concern and first focus is assisting any and all consumers affected,” he said.
T-Mobile’s systems were not directly compromised during the hack and Experian has promised “aggressive steps” to improve its security, Mr. Legere said.
Experian is offering affected customers two years of credit monitoring and protection through a service of its own, and said in a statement that it has already reached out to U.S. and international law enforcement groups and reviewed the supposed security measures it had in place.
On Twitter, Mr. Legere addressed concerns from individuals who opposed allowing Experian to provide identity fraud detection services and said he was “moving as fast as possible to get an alternative option in place.”
According to Christopher Budd, a global threat communications manager at security firm Trend Micro, the inability to protect sensitive data despite encryption efforts suggests the hack could be bigger than initially thought.
“If the encrypted data was compromised, that would indicate a very effective and broad compromise of Experian’s network, most likely due to compromised administrator credentials of some kind,” Mr. Budd said.
Approximately 17.6 million Americans above the age of 16 had their personally identifiable information compromised at least once during the last calendar year, according to a recent Department of Justice report. Roughly 86 percent of them reported that fraudsters tried to open up credit cards or bank accounts in their name soon after.
Within the federal government, a separate report put out this week identified a 1,121 percent increase during a recent eight-year span with regards to cyber incidents such as data breaches.