T-Mobile data stolen from the servers of credit bureau Experian is already showing up for sale on the Dark Web, says one security firm.
The Irish fraud prevention startup Trustev, which monitors such data sales listings, sent VentureBeat screen shots of listings of data it believes originated from the Experian theft, which was reported Thursday.
Experian failed to protect the personal data of 15 million consumers who were applying for T-Mobile postpaid services.
“This morning they saw listings go up for FULLZ data that matches the same types of information that just came out of the Experian hack,” the security firm’s spokesperson wrote in an email Friday.
“Fullz” is a slang term used by hackers and data brokers to refer to a full package of an individual’s personal identifying information. Such data sets typically include an individual’s name, social security number, birth date, account numbers, and other data.
“Once fraudsters get their hands on data, they typically unload it very quickly,” the Trustev spokesperson said. “So like I said, it’s not definitely T-Mobile/Experian, but it’s extremely likely considering the type of data and timing.”
Experian claims that no payment card or banking information was obtained in the hack. Even if that’s true, fraudsters and identity thieves can often piece together a full consumer profile using the type of data stolen from Experian.
Experian said Thursday that the stolen T-Mobile records contained name, address, Social Security number, date of birth, identification number (typically a driver’s license, military ID, or passport number) and additional information used in T- Mobile’s own credit assessment.
The company said in a blog post that the data was stolen when hackers attacked a server which contained personal information from consumers who applied for T-Mobile USA postpaid services between Sept. 1, 2013 and Sept. 16, 2015.
“At this time, we have no indication that T-Mobile’s information has been used inappropriately,” Experian said in a Q&A about the hack.