Data stolen from 15 million T-Mobile customers over a two-year period has started showing up on the Internets’ underbelly. An Irish fraud prevention startup called Trustev says it found complete sets of identity information on sale on the dark web for $25 apiece.
Trustev says while it is not 100% sure this information is from the T-Mobile/Experian data breach, it is quite likely. Stolen information such as this often shows up online within a few days. The company found multiple “fullz,” which is slang for complete set of identity information can be used to steal your identity or commit credit card fraud.
The attackers stole info from Experian North America’s business units, which included names, dates of birth, addresses, Social Security numbers, potentially alternative forms of identification like a drivers license number, and information used in T-Mobile US’ credit assessment.
The attacks included personal identification information for approximately 15 million people who applied for postpaid services or device financing between Sept. 1, 2013, and Sept. 16, 2015. The carrier noted those impacted could include people who did not become T-Mobile US customers.
T-Mobile US CEO John Legere in a letter on the carrier’s website, said it is working with Experian “to take protective steps for all of these consumers as quickly as possible.”
“Obviously I am incredibly angry about this data breach and we will institute a thorough review of our relationship with Experian, but right now my top concern and first focus is assisting any and all consumers affected,” Legere said. “I take our customer and prospective customer privacy very seriously. This is no small issue for us. I do want to assure our customers that neither T-Mobile’s systems nor network were part of this intrusion and this did not involve any payment card numbers or bank account information.”
Experian has set up two years of free credit monitoring to those T-Mobile US customers who may have been impacted by the data breach. T-Mobile US also posted a frequently asked questions page on its website with more information.