T-Mobile US hires someone other than bungling Experian to offer ID theft monitoring to hack victims First, Experian was hacked by criminals, and its sensitive records on 15 million people who applied for T-Mobile US phone contracts were stolen. Then, bafflingly, Experian was hired by T-Mobile US to provide identity theft and credit monitoring for those caught up in the security breach. Now the telco will let people pick …
They're listening to the customers instead of taking the easy way out... I'm just wondering if any of the big 3 credit agencies are properly secured. They would be a tempting target for any miscreant. We know they dinged one but not the full extent and may never know but what of the other two? Yeah... I know... "when" not "if", but do they?
We know they dinged one but not the full extent and may never know but what of the other two? Yeah... I know... "when" not "if", but do they?
Since it seems Experian has been open for two years, the answer to when may very well be years ago. Much like the Scottrade breach it seems a good deal of this activity has been ongoing for quite a while and I actually expect we will be finding out that more financial institutions are sitting in the very same boat. Wasn't the breach at JP Morgan Chase going on for months when they spotted it last year?
Personally, I blame the NSA as they find these holes and keep them to themselves so they can exploit them but it's highly likely that if the NSA can find them so can their adversaries. In this case the enemy of my enemy isn't my friend.
Originally, Experian was picking up the tab but T-Mobile has hired someone else. Now I've got a feeling there's going to be some lawyers involved to get Experian to pay for it.
As for the DP... they would go after Experian. INAL, but there might be something said against T-Mobile (again.. cue the lawyers) as case could be made that T-Mobile didn't do 100% due diligence in selecting a credit agency to process.
Might need a bigger bag of popcorn if the lawyers really get involved. If they do, perhaps other companies might take a look and realize that security can't be blown off.
It's beyond belief that T-Mobile would even think of handing the ritual fraud monitoring gig to Experian. It may well be that the latter offered to do it cut price or even for free as it was their problem in the first place. But surely the likely reaction should have been predictable. What were they thinking - no, were they even thinking?
I don't have the concern "I wouldn't trust Experian to do the monitoring", they are one of the three big credit agencies (Experian, Equifax, and TransUnion). But it'd gall me if Experian lost my data, then got away basically penalty-free (either actually got paid to provide protection, or provide it "on the house".. since they are a credit agency this'd cost them almost nothing.) I'd prefer T-Mo get protection from someone else then collect from Experian for it.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
