T-Mobile customers hit by Experian breach get credit monitoring by Experian
Wireless carrier T-Mobile is warning 15 million customers whose personal information was compromised in a data breach at credit reporting company Experian.
In a bizarre twist of irony, those customers are currently being offered two years of free credit monitoring from ProtectMyID.com – a service owned and operated by Experian.
The data breach, announced on Thursday, 1 October, affects those who applied for service or device financing from T-Mobile between September 2013 and September 2015.
No payment details like credit card or debit card numbers were stolen in the breach, but that’s small comfort.
According to a letter from T-Mobile CEO John Legere, the stolen data includes:
- names, addresses, birth dates and telephone numbers
- “encrypted” Social Security numbers (SSN) or other identity numbers (such as a driver’s license or passport number)
- along with “additional information used in T-Mobile’s own credit assessment”
Although SSN and other ID numbers were encrypted in some fashion, T-Mobile said in an FAQ the “encryption may have been compromised.”
The compromised data is a potential goldmine for identity thieves.
If SSNs were stolen, combined with the other identifying data like names and addresses, it’s a recipe for all kinds of identity theft.
A crook could use your SSN and identity to open credit card accounts in your name, apply for bank loans for items like cars, or file phony tax returns.
T-Mobile and Experian confirmed that the breach was a result of unauthorized access of an Experian server where the T-Mobile customer data was stored.
Notifications to the affected T-Mobile customers are actually being sent out by Experian, which advised those customers to enroll for their free credit monitoring by visiting the ProtectMyID website or by calling a toll free number.
Legere acknowledged the, shall we say, uncomforting fact that Experian is both the source of the problem and the offered solution in this incident.
Legere took to Twitter on Thursday, saying T-Mobile is looking for an alternative option to provide customers with credit monitoring:
I hear you re: Experian as service protection option. I am moving as fast as possible to get an alternate option in place by tomorrow.
Legere also implied in his letter to customers that T-Mobile might sever its ties to Experian, saying he was “incredibly angry,” and will be conducting a “thorough review of our relationship with Experian.”
Experian CEO Craig Boundy, in a press release, offered an apology.
Experian said it’s taking steps to mitigate the fallout from the incident, including removing any malware, isolating affected servers, increasing monitoring of affected systems, and working with law enforcement.
All of this sounds good, but we wonder if Experian’s data security protocols weren’t up to snuff to begin with.
The credit monitoring company has also experienced problems with indirect data leakage.
A few years ago, a crook who worked as a kind of identity thief broker compiled personal information on 200 million Americans by reportedly purchasing data in bulk from an Experian-owned company called Court Ventures.
And it was revealed in 2012 that identity thieves were fraudulently acquiring consumer credit reports from Experian by hacking banks, car dealerships and other businesses that use the service for credit checks.
If the people who are supposed to monitor your credit can’t be trusted to keep your data safe from identity thieves, you can you trust?
Diversify Credit Pulls – Easily Find Out Which Bank Uses Which Agency In Your State
Join over 5,000 people who are subscribed to receive a once daily email with all of our posts. Never miss out! Click here to subscribe.
Which Credit Agency Does Each Bank Use?
If you are into the credit card churning game, then you must at some point have run into an issue getting approved for a card. Many times the banks will cite “too many new accounts”, but other times they will cite the number of recent inquiries.
Thankfully there are three credit reporting agencies (Equifax, Experian & Transunion) and most banks normally only pull your report from one for credit card applications. (Capital One generally pulls all three.) This allows you to spread out your inquiries to make your credit profile look better to the bank.
While you can always check each of your credit reports to see which bank used which agency in the past, that isn’t necessarily the most efficient way to do it. CreditBoards maintains a “Credit Pulls Database“. This database contains information submitted from members of their site. Not only is the information generally accurate, but it is up to date as well.
The Credit Pulls Database is a very simple tool. It allows you to search by creditor, credit agency, state and score required. In the creditor field you can either generically type in the name of a bank such as “Chase” or you can specifically type in the name of a product like “Chase Freedom”. (Some banks use different agencies for different products.)
Based on this data, Chase seems to pull from Experian in Nevada.
After performing your search, you will find the results ordered from newest to oldest. If provided, you will see whether the person was approved or not, their score, the date and any other relevant data.
The Credit Pulls Database is a simple and easy tool to use to determine which agency a specific bank will use to pull your credit. When formulating a strategy for a round of applications, it is really important to diversify credit pulls as much as possible.
Did you know about this tool? Do you use it or another tool? Let me know in the comments.