Another day, another breach - T-Mobile 15 million customers

allisolm · Oct 2, 2015

http://www.usatoday.com/story/tech/...may-have-exposed-15-million-records/73171066/

The breach happened at Experian.

"...what we know right now is that the hacker acquired the records of approximately 15 million people, including new applicants requiring a credit check for service or device financing from September 1, 2013 through September 16, 2015,"

"The data set was for applicants and customers of T-Mobile who applied for service over that two year period," said Experian spokeswoman Susan Henson.

"The compromised information includes customers' names, addresses and birth dates as well as encrypted fields with Social Security number and ID number, which could be a drivers license or passport number.

Experian told T-Mobile the encryption protecting those numbers may have been compromised, Legere said."

Hugo Drax · Oct 2, 2015

At this rate, everyones info will be in some torrent.

vi edit · Oct 2, 2015

Welp...that includes me.

I signed up to t-mobile in April. LAME.

Fanatical Meat · Oct 2, 2015

T-Mobile does have pretty sloppy IT practices from allowing people to view the monitor when a transaction is happening to having some old XP machines lying around until recently.

SamQuint · Oct 2, 2015

Sad truth, there are two types of companies out there. Those that have been hacked, and those that don't know they have been hacked.:|

TheVrolok · Oct 2, 2015

Hugo Drax said:
At this rate, everyones info will be in some torrent.

This. Honestly, there needs to be some change in the way identities are "managed." Legislation will need to catch up to technology. Everyone will have their "private information" out there soon enough.

WaTaGuMp · Oct 2, 2015

As long as my midget goat porn site info is secure, its cool.

dainthomas · Oct 2, 2015

I guess the only consolation is that SO many records are being compromised now that the chances of any one person's information being used is pretty low.

But yeah, there needs to be some way to check credit other than with SSN.

John Connor · Oct 2, 2015

WaTaGuMp said:
As long as my midget goat porn site info is secure, its cool.

Shit... So long as my puking Japanese woman fetish porn info is secure I'm good...

John Connor · Oct 2, 2015

Since the Anthem/Blue Cross hack I got two years of free credit protection. Same thing will happen here.

WTF though. What happened to encryption? What was the vector? I mean FFS. My shity little phpBB forum's passwords are bcrypted. Cracking that is a PITA.

CPA · Oct 2, 2015

allisolm said:
http://www.usatoday.com/story/tech/...may-have-exposed-15-million-records/73171066/

The breach happened at Experian.

"...what we know right now is that the hacker acquired the records of approximately 15 million people, including new applicants requiring a credit check for service or device financing from September 1, 2013 through September 16, 2015,"

"The data set was for applicants and customers of T-Mobile who applied for service over that two year period," said Experian spokeswoman Susan Henson.

"The compromised information includes customers' names, addresses and birth dates as well as encrypted fields with Social Security number and ID number, which could be a drivers license or passport number.

Experian told T-Mobile the encryption protecting those numbers may have been compromised, Legere said."

Social Security number is supposed to be a protected piece of information, meaning it is supposed to be only required for government forms. The fact that we have to use if for practically everything now is ridiculous. I wish the government would crack down on companies requiring us to use it.

KeithP · Oct 2, 2015

Fanatical Meat said:
T-Mobile does have pretty sloppy IT practices from allowing people to view the monitor when a transaction is happening to having some old XP machines lying around until recently.

allisolm said:
The breach happened at Experian.

RIF

-KeithP

John Connor · Oct 2, 2015

CPA said:
Social Security number is supposed to be a protected piece of information, meaning it is supposed to be only required for government forms. The fact that we have to use if for practically everything now is ridiculous. I wish the government would crack down on companies requiring us to use it.

Yeah, just like my rotten bank. It's not supposed to be for ID purposes at all.

Homerboy · Oct 2, 2015

I use TMobile -- but never applied for credit.
SAFE!

Homerboy · Oct 2, 2015

Question: What happens with the Credit Monitoring services get hacked!?!?!

Brainonska511 · Oct 2, 2015

I have TMobile, but it's all prepaid and never gave them my SSN to apply for credit/contract.

vi edit · Oct 2, 2015

Homerboy said:
Question: What happens with the Credit Monitoring services get hacked!?!?!

<mind blown>

Well, Experian owns the credit monitoring service they offered. So yeah.....

Hugo Drax · Oct 2, 2015

John Connor said:
Shit... So long as my puking Japanese woman fetish porn info is secure I'm good...

I heard the Japanese coffee enema shower site is secure as well.

John Connor · Oct 2, 2015

SunnyD · Oct 2, 2015

Good news is that I already resigned myself to the fact that all of my PII is already out there since the day I was born.

This also seems weirdly appropriate:

I'm going to be Wolfgang Shitzowitz.

mmntech · Oct 2, 2015

I think a lot of these big corporations have deluded themselves into thinking that this stuff can't happen to them. Probably because a lot of them cut their chops back when the worst threats were worms. Oh, they took precautions for that. So they never invest in security audits or upgrades.

Most of these hacking cases aren't just some lone neckbeard in their basement anymore. A lot of these guys now have big money backing them. Corporations have to react accordingly.

shortylickens · Oct 2, 2015

I only use prepaid with Tmobile, so they shouldnt have much info. I hope.

KentState · Oct 2, 2015

It doesn't even take "hacking" to get this stuff. I don't work for/with T-Mobile and I actually came across files of theirs on a third party server I was given access to. It's a huge red flag when these companies like Experian, Acxiom, Neustar, etc get handed thousands of files a day with potential PII information.

BUTCH1 · Oct 2, 2015

Brainonska511 said:
I have TMobile, but it's all prepaid and never gave them my SSN to apply for credit/contract.

That's how I roll too but T-mobile has slid downhill badly in the last few years. Sometimes I'll get a text hours after it was sent, with voicemail you constantly have to log on and re-save messages or they get dumped. Yea, I get it, if they didn't do that there would be lazy people with hundreds of messages but they should have given one the ability to "perma-save" 4-5 important messages, nope. then the coverage is getting worse, embarrising when someone with Trac-phone get bars and you don't. Fuck T-mobile, I'm dumping 'em.

Ken g6 · Oct 2, 2015

Homerboy said:
I use TMobile -- but never applied for credit.
SAFE!

Me too! :thumbsup: So glad I chose prepaid when I signed up in October 2013.

Another day, another breach - T-Mobile 15 million customers

Elite Member

Diamond Member

Elite Member

Lifer

Golden Member

Lifer

Lifer

Lifer

Lifer

Lifer

Elite Member

Diamond Member

Lifer

Lifer

Lifer

Lifer

Elite Member

Diamond Member

Lifer

Belgian Waffler

Lifer

No Lifer

Diamond Member

Lifer

Programming Moderator, Elite Member