NEW YORK (MainStreet) — The ugly news exploded last week: 15 million applicants for credit at T-Mobile have had their personal information stolen by hackers from a server maintained at Experian, the credit reporting agency. But then the news gets worse: very bad times are ahead for many of those 15 million, due to the nature of the stolen data.
And nobody knows exactly how the hack occurred. “There is not a ton of info on this,” admitted Christopher Budd, a security expert with Trend Micro.
For its part, T-Mobile has busied itself throwing mud at Experian. Said T-Mo CEO John Legere in a letter to consumers: “I am incredibly angry about this data breach, and we will institute a thorough review of our relationship with Experian.”
Experian, right now, shapes up as the bigger loser. Said Clay Calvert, director of cybersecurity for MetroStar Systems: “There are other two other companies [Equifax and Transunion] that monitor credit. Experian will be hurt more than T-Mobile.”
How did Experian get its hand on T-Mo’s data? Simple. When a consumer sought credit from T-Mo, T-Mo punted to Experian. Explained T-Mo in a q&a: “Experian maintains a historical record of the applicant data used by T-Mobile to make credit decisions. The data provides the record of the applicant’s credit application with T-Mobile and is used to assist with credit decisions and respond to questions from applicants about the decision on their credit application. The data is required to be maintained for a minimum period of 25 months under credit laws.”
Experian in its statement told about the breach: “Experian North America today announced that one of its business units...experienced an unauthorized acquisition of information from a server that contained data on behalf of...T-Mobile, USA, Inc. The data included some personally identifiable information for approximately 15 million consumers in the US, including those who applied for T-Mobile USA postpaid services or device financing from September 1, 2013 through September 16, 2015, based on Experian's investigation to date.”