Hacked T-Mobile Data ‘For Sale Online’

Matthew Broersma,
data breach, security

Personal data on 15 million T-Mobile USA customers has already gone up for sale on the web, according to researchers

T-Mobile customer data stolen by hackers last month has already appeared online for sale, according to security researchers.

Trustev, an Irish security start-up, saw listings appear on Friday morning for data matching that from the T-Mobile hack, the firm told finance news publication VentureBeat, which published screen-shots of the data provided by Trustev.

data breachPersonal data

“Once fraudsters get their hands on data, they typically unload it very quickly,” Trustev reportedly said. The company said it can’t be certain the data originated from the hack, but it is “likely considering the type of data and timing”.

Security experts fear data thieves could use the information stolen from Experian to build detailed profiles on individuals, pieced together from multiple sources, including health data. The misuse of such profiles could go beyond identity theft to purposes such as blackmail, security researchers said.

The NHS is amongst the organisations that provide health data to private companies, including Experian. Such data doesn’t include patient names, but includes identifying information such as addresses that could be cross-referenced with other stolen data.

Experian hacked

T-Mobile reported last week that data including names, addresses, Social Security numbers and dates of birth on an estimated 15 million individuals applying for post-paid mobile services between 1 September, 2013 and 16 September, 2015, had been stolen by hackers from Experian, which T-Mobile uses to process customer applications. Only T-Mobile USA customers were affected, the company said.

Experian said it discovered the breach on 15 September, and said that no payment card information was involved.

The company said it is working with US and international law enforcement agencies on the matter and has taken “additional security steps” to help prevent future incidents. Experian said it has seen no evidence that the data has been used “inappropriately” but recommended those affected to enroll in the free identity resolution services it is offering.

“We are addressing this issue with strengthened IT security, and we are providing those affected by this theft with the assistance they need,” Experian said in a statement.

Data breaches are becoming increasingly commonplace, with the Information Commissioner’s Office (ICO) receiving on average two complaints each day related to the security of personal information in 2014, up 30 percent from the previous year, according to figures released last week.

Are you a security pro? Try our quiz!