Cyber Incident Victim: T-Mobile US
Date:
Sep 2013
Location:
United States of America
Summary
A cybersecurity breach at a third-party credit-reporting service provider compromised sensitive personal information belonging to over 15 million applicants for cellular services. The attackers accessed names, addresses, social security numbers, birth dates, and identification documents including driver's licenses, military IDs, or passport numbers from an external database processing credit applications. While the stolen identity numbers were encrypted, investigators confirmed the encryption may have been compromised. The affected individuals were offered two years of credit monitoring, though the telecommunications company confirmed its own systems and financial data remained unaffected by the intrusion.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On September 15, 2015, Experian officials discovered unauthorized access to a server containing sensitive personal data of individuals who applied for T-Mobile USA postpaid services between September 1, 2013, and September 16, 2015. The breach resulted from a direct attack on Experian’s infrastructure, which T-Mobile had contracted to process credit applications. Hackers exfiltrated records containing names, addresses, birth dates, Social Security numbers, and identification documents such as driver licenses, military IDs, or passport numbers. While Social Security numbers and ID numbers were encrypted, Experian investigators determined the encryption might have been compromised during the intrusion. The compromised data impacted over 15 million U.S. consumers who underwent credit checks during T-Mobile service applications. T-Mobile CEO John Legere confirmed the company’s own systems and networks were not breached and emphasized no payment card or bank account information was exposed. Experian publicly disclosed the incident on October 1, 2015, after initiating an investigation that remained ongoing at the time of disclosure.
T-Mobile’s leadership expressed anger over the breach, with Legere announcing a thorough review of the company’s relationship with Experian while prioritizing assistance to affected consumers. Experian offered two years of free credit monitoring to impacted individuals through a dedicated FAQ but acknowledged the limitations of such measures in preventing identity theft. Security analysts noted credit monitoring provides inadequate protection compared to proactive steps like placing fraud alerts on credit files. The incident marked at least the third major data breach disclosed by Experian since March 2013, raising concerns about systemic vulnerabilities in its data handling practices. The breach notification cautioned that initial assessments might understate the incident’s full scope, leaving open the possibility of additional compromised records or services being identified later. No specific attacker attribution or detailed intrusion methods were disclosed in the available information.