One of the leading credit reporting bureaus is also the source of one of the latest massive data breaches: Experian. The hack compromised the data of millions of people when an unauthorized user accessed a server containing data from one of its clients, T-Mobile. After investigating the attack, Experian found that over 15 million T-Mobile customers and applicants from between September 2013 and 2015 might have had their information taken. Experian assures people that the breach did not impact any of the information in its consumer credit database.
What Data was Taken?
According to a press release from the company, the data possibly accessed from the breach included names, social security numbers, dates of birth, driver’s license numbers, addresses, and possibly information used within T-Mobile’s own assessment of potential customers credit. They have said that no credit card or banking information was included in the breach.
Although actual banking data was not stolen, enough information was stolen to lead to fraudulent activity that could include opening accounts using user’s social security number, accessing bank records, and other types of identity theft. Experian encourages people to check their accounts and credit reports for any potential fraudulent charges.
What Experian is Doing
As most companies do whose data is breached, Experian is taking action to help the potential victims. They plan to offer two years of free credit monitoring and identity theft services through ProtectMyID. After backlash that the company only offered services by one of their own companies, T-Mobile said that they would also offer these services from TransUnion’s CSID for those who no longer trust Experian with their information.
Experian will be contacting affected victims with information about the attack and the complementary identity theft services through the mail. For more information, you can visit a special website, http://www.experian.com/T-MobileFacts for more details. The company will not be calling victims or messaging them asking for persona information. Experian emphasizes that victims should not provide any personal information to someone contacting them about the attack, as this may be additional fraudulent activity.
The Victim’s Response
The hack was revealed on October 1, and within a week many of the victims have taken legal action against the company. Several suits against both T-Mobile and Experian and just Experian were submitted, trying to reach class-action status. With Experian’s status as one of the top credit agencies in the country, the hack is even more surprising, leading to an even larger backlash than some of the other large data breaches.
People are tiring of this type of massive data breach that ends up costing the victims time and money. Although the companies, like Experian, offer free credit monitoring and identity theft resolution services, it can only help after fraudulent events occur. Victims still have to deal with the problem once it happens, even if they have free services helping them to take care of it. The best solution is to create stronger security to prevent hacks before they can take place, or at least put better programs in place to discover breaches much faster so that they can be addressed before anything actually happens to the victims.