15 Million T-Mobile Customers’ Data Exposed | T-Mobile Data Breach in 2015

October 23, 2015

On October 1, it was announced that approximately 15 million T-Mobile customers were impacted by a T-Mobile data breach at credit agency Experian PLC, the latest major leak of confidential data to hit corporate America.

The exposed data included names, addresses, birth dates and encrypted Social Security numbers, driver’s license or passport numbers for customers who might have applied for T-Mobile cell service between Sept. 1, 2013 and Sept. 16, 2015.

T-Mobile said the breach was discovered on September 15 and included information on millions of its subscribers, former customers and people who applied for service or device financing at the wireless carrier over the last two years.

“Obviously I am incredibly angry about this data breach and we will institute a thorough review of our relationship with Experian,” T-Mobile CEO John Legere said. “I take our customer and prospective customer privacy VERY seriously.”

Experian is one of the three major American credit bureaus, along with Equifax and TransUnion, that affect, if not touch, every American with a credit card or cell phone.

There is no evidence yet that any breached information has been inappropriately used and Experian is notifying the individuals who may have been affected. They are also offering free credit monitoring and identity resolution services for two years to affected customers.

Hackers typically put this type of information up for sale on black markets, where large databases of information are aggregated and sold to identity thieves. A stolen identity can lead to stolen tax refunds, ruined credit and worse.

T-Mobile is in the process of reaching out to people who may be impacted by the T-Mobile data breach.

Here are four steps to take if you are ever afraid your personal data has been breached. All four steps can be done by calling each of the three credit bureaus (Experian: 1-888-397-3742, Equifax: 1-800-525-6285, and TransUnion: 1-800-680-7289).

  1. Monitor your credit reports. You are entitled to one free credit report every 12 months from each of the three credit bureaus.
  2. Consider placing a “fraud alert” with each of the three credit bureaus. An alert doesn’t block potential new credit, but places a comment on your history. Creditors should contact you prior to opening a new account.
  3. Consider placing a “security freeze” with each of the three credit bureaus to prohibit the release of any information from your reports. A security freeze can help prevent identity theft since most businesses won’t open credit accounts without checking a consumer’s credit history first.
  4. Beware of unsolicited calls or emails offering credit monitoring or identity theft services. Never provide your Social Security number, credit card numbers, or other personal information in response to unsolicited emails or calls.

Unencrypted Device Breaches Persist

June 24, 2015

Health Data Breach Tally Shows String of Theft Incidents

June 23, 2015


Although hacker attacks have dominated headlines in recent months, a snapshot of the federal tally of major health data breaches shows that stolen unencrypted devices continue to be a common breach cause, although these incidents usually affect far fewer patients.

As of June 23, the Department of Health and Human Services’ Office for Civil Rights’ “wall of shame” website of health data breaches affecting 500 or more individuals showed 1,251 incidents affecting nearly 134.9 million individuals.

Those totals have grown from 1,213 breaches affecting 133.2 million individuals in an April 29 snapshot prepared by Information Security Media Group (see Breach Tally Shows More Hacker Attacks).

The federal tally lists all major breaches involving protected health information since September 2009, when the HIPAA Breach Notification rule went into effect. As of June 23, about 52 percent of breaches on the tally listed “theft” as the cause.

Among the breaches added to the tally in recent weeks are about a dozen involving stolen unencrypted computers. Lately, those types of incidents have been overshadowed by massive hacking attacks, such as those that hit Anthem Inc. and Premera Blue Cross.

“Although we’ve seen some large hacking attacks, they are aimed at higher-profile organizations than the more typical provider organization,” says privacy and security expert Kate Borten, founder of the consulting firm, The Marblehead Group. “Attackers know that these organizations have a very high volume of valuable data. But I continue to believe that unencrypted PHI on devices and media that are lost or stolen is ‘the’ most common breach scenario affecting organizations of any size.”

Borten predicts that many incidents involving unencrypted devices will continue to be added to the wall of shame. “Getting those devices encrypted is an ongoing challenge when we expand the requirement to tablets and smartphones, particularly when owned by the users, not the organization,” she says. “We also shouldn’t overlook encryption of media, including tapes, disks and USB storage drives.”

Unencrypted Device Breaches

The largest breach involving unencrypted devices that was recently added to the tally was an incident reported to HHS on June 1 by Oregon Health Co-Op., an insurer.

That incident, which impacted 14,000 individuals, involved a laptop stolen on April 3. In a statement, the insurer says the device contained member and dependent names, addresses, health plan and identification numbers, dates of birth and Social Security numbers. “There is no indication this personal information has been accessed or inappropriately used by unauthorized individuals,” the statement says.

Also recently added to the federal tally was a breach affecting 12,000 individuals reported on June 10 by Nevada healthcare provider Implants, Dentures & Dental, which is listed on the federal tally as “doing business as Half Dental.” The incident is listed as a theft involving electronic medical records, a laptop, a network server and other portable electronic devices.

In addition to the recent incidents involving stolen or lost unencrypted devices, several breaches added to the wall of shame involve lost or stolen paper records or film.

“Breaches of non-electronic film and paper will never end, but at least these breaches are typically limited to one or a small number of affected individuals,” Borten says. Because many of the breaches involving paper or film are due to human error, “effective, repeated training is essential” to help prevent such incidents, she says.
