Security Market Segment LS
Friday, 02 October 2015 15:46

T-Mobile/Experian hack update – Part II


As many as 15 million users of, or applicants for, T-Mobile USA services have had personal information stolen in a hack attack on Experian servers – the company it uses for credit checks.

The original iTWire article this morning is here. It is a good backgrounder if you are unaware of the details.

No group has claimed responsibility yet, nor made a ransom demand to return the data, indicating that it was a premeditated attack for the purposes of obtaining personal data for identity theft. At current market value, that information could be worth up to $300 million dollars if sold to cyber-criminals for the purpose of ID Theft. That is likely if the extent of the information is as comprehensive as suggested in international news reports.

Hackers then incorporate that stolen information into a larger, searchable database that may have other information about you making it easy to steal your identity. A stolen identity leads to stolen tax refunds, ruined credit, and worse. It is worse in the USA because of every man, woman and child has to have a social security number – a unique number that ties all records together.

Eva Velasquez, the CEO of the non-profit Identity Theft Resource Centre said, “There are many more steps you have to take to minimize your risk when your Social Security number is compromised versus payment card data. Payment cards can be cancelled, ending the harm. But thieves can use someone's Social Security number to open new financial accounts and take out new loans for big-ticket items like cars and they can file a false tax return in your name.”

Experian said hackers stole T-Mobile customer names, addresses, Social Security numbers, birthdays, and even sensitive identification numbers (like a driver's license, military ID or passport number) and that the encryption of sensitive personally, identifiable, information (PII) was likely compromised.

Experian, one of the largest credit brokers in the world, gathers vast amounts of incredibly PII data on all Americans, made it clear that hackers did not access its other computers that house data for other companies. "This was an isolated incident of one server and one clients' data," Experian said.

Experian’s reach extends into almost all areas of American life - customer loyalty cards that track the purchases of everyday necessities to public records including real estate liens and bankruptcy. Its vast database is widely used by automated advertising networks to load ads relevant to a given user, but it has many other applications.

Experian is not squeaky clean. In a previous incident, hackers stole at least 200 million identities from its database – this time belonging to Target USA (no relation to Target Australia owned by Wesfarmers though sister company Kmart has just been hacked)

Experian has also sold the PII data of millions of Americans to a fraudster in Vietnam. Hieu Minh Ngo, now 25, was caught and admitted to posing as a private investigator in Singapore to get exclusive access to PII data via Court Ventures, an Experian subsidiary. Ngo then sold access to fellow criminals. Cyber-criminals are alleged to have accessed that database 3.1 million times. It was not until U.S. Secret Service agents alerted Experian that the practice stopped.

According Barry Kouns, a security professional who maintains a Cyber Risk Analytic database of major data breaches, Experian's databases have been involved in 97 breaches of personal information.

"Based on our research, it appears that data brokers place a high value on collecting and using our information but not so much on protecting it," Kouns said.

Nearly 800 major and reportable data breaches by US organisations were identified in 2014, according to the Identity Theft Resource Centre.

The upside is really the downside

Experian's offer may be a two-edged sword. It is offering T-Mobile customers two years of free credit monitoring and identity protection. All of which requires customers to give more information to the company that has reportedly had 97 leaks!

"Customers will be cynical about using credit monitoring from Experian," said Gartner security analyst Avivah Litan. "Why would you trust someone with your account that has been breached?"

There have been a string of high-profile hacks of businesses and other organizations recently affecting millions of people, including adult (or is that adultery) website Ashley Madison, Sony Pictures, the insurer Anthem, Home Depot, Target, eBay, and the U.S. Office of Personnel Management.

“The irony is that so many companies have used Experian as a ‘clean room’ to put their data together with other companies’ data to keep it from being personally identifiable. That very ability can make everything personally identifiable,” said Jon Mandell, formerly of Precision Demand and now a consultant to the industry.

While I was researching this, I came across CNN Money’s excellent web site and an article titled ‘What hackers know about you’.

It ihas also making it n Demand and now a consultant to the industry. you., sfarmers_)ehensiver r identity theft. At current marekes chilling and worth a visit just to click randomly on a few suppliers that have been hacked to see the extent of information collected. For example:


Bottom line – walk softly and leave a very small, light, digital footprint.

Subscribe to ITWIRE UPDATE Newsletter here

Now’s the Time for 400G Migration

The optical fibre community is anxiously awaiting the benefits that 400G capacity per wavelength will bring to existing and future fibre optic networks.

Nearly every business wants to leverage the latest in digital offerings to remain competitive in their respective markets and to provide support for fast and ever-increasing demands for data capacity. 400G is the answer.

Initial challenges are associated with supporting such project and upgrades to fulfil the promise of higher-capacity transport.

The foundation of optical networking infrastructure includes coherent optical transceivers and digital signal processing (DSP), mux/demux, ROADM, and optical amplifiers, all of which must be able to support 400G capacity.

With today’s proprietary power-hungry and high cost transceivers and DSP, how is migration to 400G networks going to be a viable option?

PacketLight's next-generation standardised solutions may be the answer. Click below to read the full article.


WEBINAR PROMOTION ON ITWIRE: It's all about webinars

These days our customers Advertising & Marketing campaigns are mainly focussed on webinars.

If you wish to promote a Webinar we recommend at least a 2 week campaign prior to your event.

The iTWire campaign will include extensive adverts on our News Site and prominent Newsletter promotion and Promotional News & Editorial.

This coupled with the new capabilities 5G brings opens up huge opportunities for both network operators and enterprise organisations.

We have a Webinar Business Booster Pack and other supportive programs.

We look forward to discussing your campaign goals with you.


Ray Shaw

joomla stats

Ray Shaw  has a passion for IT ever since building his first computer in 1980. He is a qualified journalist, hosted a consumer IT based radio program on ABC radio for 10 years, has developed world leading software for the events industry and is smart enough to no longer own a retail computer store!

Share News tips for the iTWire Journalists? Your tip will be anonymous




Guest Opinion

Guest Interviews

Guest Reviews

Guest Research

Guest Research & Case Studies

Channel News