Last week Experian, a reputable company known for performing credit checks, suffered a data breach which saw the personal info of 15 million T-Mobile customers up for grabs.
T-Mobiles CEO says he is “incredibly angry” and frankly who can blame him? It’s worth bearing in mind that T-Mobile were not breached, in fact they did nothing wrong.
Which is obviously where his anger comes from: despite not being responsible for the breach T-Mobile are still going to lose face with customers.
You can’t even blame T-Mobile for using a cheap, shoddy service to perform their credit checks: Experian, until now, have had a great reputation and solid track record.
Safeguard that data
Mark James, ESET IT security specialist, explains that with the sheer volume of data companies have to deal with they have to trust some services to third parties.
“Whilst having their data in the care of Experian for credit check purposes it would appear Experian themselves have been hacked.
“With the sheer amount of data that is handled on a daily basis some companies have to rely on third parties to do some of those jobs that they are unable to do just like us having to take our car to the garage for repairs or servicing.
“15 million people have had their data stolen from T-Mobile who in this particular instance were not technically at fault, their trust was in Experian to safeguard that data and sadly they have been let down.”
Assurances
Mark explains that unfortunately there’s very little that T-Mobile could have done about this: they entrusted their user’s data to Experian, beyond that it’s Experian’s responsibility to keep it safe.
“Sadly all T-Mobile would have from Experian is their assurances that the data will be looked after and kept secure, but ultimately they have no real control over this and have to rely on their ability to do so.
“As usual in these cases the public will suffer the most, end users data will be used for criminal activity that could include identity theft or more targeted attacks to gain as much info as possible from this breach.
“As T-Mobile were the initiating holder of the data they will need to answer to the public and offer some kind of financial protection for anyone affected that may include credit protection services.
“In reality all you have is assurances and promises, no one is going to make a statement saying they guarantee to protect your data 100% of the time.
“All they can do is make the best decisions and do their best to ensure they are using validated and creditable organisations to keep your data safe, just like Experian, in some cases it’s not always best to go with the biggest companies as often these carry the biggest targets for cyber criminals.”
Are you a T-Mobile customer? How do you feel about the breach?
Join the ESET UK LinkedIn Group and stay up to date with the blog. If you’re interested in seeing where ESET has been featured in the news then check out our ‘In the news’ section.
Are you Serious about Security? If you are then check out everything that’s going on during Security Serious week.