In spite of its claims to the contrary, the recent hack of T-Mobile USA customer data at credit bureau Experian is actually one of many such attacks. Furthermore, Experian’s inattention to security has become a political lightning rod in the debate over the Cybersecurity Information Sharing Act of 2015 (CISA).
According to the AP, hackers recently stole personal information from Experian belonging to about 15 million T-Mobile wireless customers and potential customers in the U.S., including Social Security numbers, home addresses, birthdates and other personal information.
Experian promptly notified authorities and posted an explanatory web page on its site for affected parties. It also offered two free years of credit monitoring services at www.protectmyID.com/securityincident, a service that Experian owns.
The public quickly picked up on the disingenuousness of Experian’s offer of its own monitoring service, and many people expressed their displeasure on Twitter. In response, T-Mobile CEO John Legere actively engaged with an understandably enraged Twitter audience – even though there are no indications at this time that any of T-Mobile’s own systems were compromised.
“I hear you re: Experian as service protection option,” Legere tweeted on October 1. “I am moving as fast as possible to get an alternate option in place by tomorrow.”
For its part, Experian doesn’t express any concerns about offering its own credit protection service to affected customers. “Q: Since Experian was compromised; can it effectively offer credit monitoring?” Experian asked in their Q & A about the incident. Their response: “A: Absolutely. This was an isolated incident of one server and one client’s data. The consumer credit bureau was not accessed in this incident and no other clients’ data was involved.”
However, Experian’s claim that this breach was an isolated incident is entirely untrue. In fact, there is a pattern of breaches at Experian, as well as at credit bureau competitors TransUnion and Equifax, dating back several years, according to a 2012 article on the Bloomberg Tech Blog (no relation to the author).
Read the entire article at http://www.forbes.com/sites/jasonbloomberg/2015/10/03/experian-hack-continues-pattern-of-recklessness/.
Intellyx advises companies on their digital transformation initiatives and helps vendors communicate their agility stories. As of the time of writing, none of the organizations mentioned are Intellyx customers. Image credit: Don Hankins.
You take a very agreeable approach in the dissection and identification of this problem. Not exclusive to Experian, there are lots of Data Brokers that also have the potential to leak data inadvertently and with great consequence to the victims. However, as this has been 1 of a series of findings (Healthcare.gov GAO Report Experian Weaknesses) regarding this specific broker, I would only hope they leverage the negative PR and formulate a strategy to further mature the inherent process failures that have been taking place or reaching the press in the very recent future.
It's not the breach that concerns me, it's the many incidents that are folding around us globally with unique leverage to anyone who harnessed it all. At Bits and Digits we work through a lens of exploitation to better remediate and/or mitigate risks our clients have. In this case, and as a former BISO for said company, I wish them luck in both gaining public trust in both their data and capability to ensure its safety.