It looks like the world of Internet and technology is facing yet another round of major platforms being hacked. Not only has Patreon dealt with a database breach – of which the stolen data was leaked online shortly afterward – but major telco T-Mobile has been suffering from the same fate. Details of roughly 15 million US customers have been stolen by hackers, including driver’s license numbers and other sensitive personal information.
T-Mobile Data Leaked Due to Third-Party Provider Hack
Unlike the Patreon hack, the data stolen belonging to T-Mobile customers was accessed by hacking a third-party service provider. Credit-reporting service Experian has been contracted by T-Mobile to process the company’s credit applications, and it was their database that was attacked by unknown assailants. Exact details about the method of the attack remain unclear, but we do know that sensitive data of roughly 15 million US citizens has been stolen.
Experian doesn’t have the best of reputations either when it comes to keeping customer data safe. Ever since the company announced a first database breach in 2013, this recent T-Mobile debacle marks the third hack since that date. Keep in mind these are only data breaches admitted to by Experian, as the actual number could be much higher.
In fact, T-Mobile CEO John Legere is not amused with this entire situation, and the relationship between his company and Experian will be “thoroughly reviewed”. However, the main focus of Mr. Legere is assisting all of the affected T-Mobile customers. Luckily, no payment details or card numbers have been breached during this attack.
That being said, a ton of sensitive customer data has been breached. Names, addresses, social security numbers, birth dates and passport numbers are now in the hands of hackers. Despite encrypting social security numbers and ID numbers in the Experian database, company officials have admitted the encryption may have been compromised during the attack.
All affected customers are advised to put a fraud alert on their credit files, as it seems very likely this stolen data will be used for identity theft sooner or later. Sensitive personal details such as a date of birth and a social security number can be used in various malicious ways.
Experian’s Insecure Solution To Store Data
The main question is why Experian is holding on to customer data after they processed the credit application of that individual. While there may be several plausible reasons for doing so, Experian failed to properly protect this data by relying on centralized and insecure database solutions. This is especially painful when considering this is the third time in as many years Experian has been involved in database hacks.
There are decentralized and more secure solutions to store customer data if companies would go through the trouble of looking for them. Blockchain technology, which powers the Bitcoin network, has proven to be an impermeable ledger of not only transactions but also wallet addresses and other network statistics. This same technology can be adopted to suit the needs of replacing database solutions.
Were you affected by this T-Mobile data loss? If so, have you taken steps to protect your data from being misused? Let us know in the comments below!
Source: Ars Technica
Images courtesy of T-Mobile, Experian, Shutterstock