Corrects the fact T-Mobile service applicants were also affected, not just T-Mobile customers.
NEW YORK (The Street) -- While T-Mobile's (TMUS) CEO John Legere believes that "part of being the Un-carrier means telling it like it is," Mr. Legere has a problem on his hands that defies easy answers, not to mention solutions.
That said, despite Legere's publicly expressed frustration via public statements so far, "angry" hardly covers the full implications of this latest corporate hack. The recent announcement that a data breach at financial credit processing firm Experian affects at least 15 million T-Mobile USA customers and service applicants is just the start of it.
"Citizens - not just consumers - are at the heart of this and what happens next. In some ways this is going to be about customer relations on a level with a company like Volkswagen AG (VLKAY) - they have to get it right," according to Robin Speakman, a research analyst at Shaw Capital - an independent securities firm. "Senators have now written to Experian asking for more information about what happened."
In terms of what Experian is doing in the short term, the global financial services firm announced on its website that it had notified appropriate law enforcement agencies upon discovery of the breach. It is also offering those impacted by the break-in two years of free credit monitoring and identity theft resolution services.
A data breach of a company like Experian pales in comparison to an otherwise "normal" corporate hack. It is one of the three major American credit bureaus - which also includes Equifax (EFX) and TransUnion (TRU) - that affect if not touch every American with a credit card, cell phone or potentially social security number.
As a result, a hack at one of such companies leaves the door wide open for much larger scale hacks with a bigger impact long after the fuss over this incident is over. Some industry watchers, like the IT focused Inquirer claimed the information was already for sale on the first weekend after the hack on the dark web, a collection of websites that are publicly visible, yet hide the IP addresses of the servers that run them.
The impact to consumers is far more complex than it might appear, despite efforts by T-Mobile at least to downplay concerns about the impact of the breach. According to a T-Mobile spokesperson reached this afternoon by TheStreet, "This incident took place in one of our USA business units, and it's important to note this was not the consumer credit bureau. The incident was solely contained to the US and we've provided guidance to T-Mobile USA customers as you'll see from our statement and from this link, we're encouraging people to view."
"Credit cards are quickly replaced and, at least in the U.S., consumers have zero liability for fraud," commented John Gunn, VP of Corporate Communications at VASCO Data Security International, a two-factor authentication and digital solution provider. "The victims of this breach have a greatly increased risk of becoming victims of identity theft for the rest of their lives."
The situation is also complicated because T-Mobile's data was compromised on a third party server at Experian and the identity of the hacker is still not known and may never be.
"T-Mobile is suffering reputational and financial damage because of the actions of a third party partner and not their own - notwithstanding their choice of business partners," said Gunn. "It was Experian who suffered the breach. It becomes more interesting when you consider that T-Mobile and Experian will likely be competitors in the near future in the field of brokering digital identities."
In this scenario, frustratingly, subscribers and customers actually have few choices right now.
This situation is, for this reason, not expected to elicit consumer behavior seen after the hacks of firms Home Depot (HD) and Target (TGT) . As a result, most analysts expect that while "customers might switch phone companies and companies, like T-Mobile, may consider switching credit processors, in the end everyone is facing the same risk," said Speakman. "This time it was Experian. Next time, it could be another company."
"Sure, some people will opt for a T-Mobile competitor because of this, but probably not huge numbers," concurred Gunn. "It's likely that T-Mobile's customers also shopped at Home Depot or Target and may also have Blue Cross (ANTM) as their health insurance provider. Breaches have become so common that they inflict far less damage on a brand as consumers have become inured to reports of breaches."
Apart from possible litigation and Congressional hearings, the biggest outcome of this may well continue to show up in a different way. "There are two sides to this," said Speakman. "The first is punishment for the data breach, and the other is what to do to try to create regulatory and structural safeguards."
This situation - from the ten thousand foot level at least - is driving massive investment and interest in cyber security solutions," said Speakman. "It's clear that such products are desperately needed by the market."
According to a spokesperson from Experian, "At this point, we're really focused on doing what's right for affected credit applicants and ensuring they're notified and signing up for free credit monitoring and ID protection services Experian is offering."