T-Mobile data stolen from the servers of credit bureau Experian is already showing up for sale on the Dark Web, says one security firm.

The Irish fraud prevention startup Trustev, which monitors such data sales listings, sent VentureBeat screen shots of listings of data it believes originated from the Experian theft, which was reported Thursday.

Experian failed to protect the personal data of 15 million consumers who were applying for T-Mobile postpaid services.

“This morning they saw listings go up for FULLZ data that matches the same types of information that just came out of the Experian hack,” the security firm’s spokesperson wrote in an email Friday.

Screen Shot 2015-10-02 at 12.04.55 PM

“Fullz” is a slang term used by hackers and data brokers to refer to a full package of an individual’s personal identifying information. Such data sets typically include an individual’s name, social security number, birth date, account numbers, and other data.

“Once fraudsters get their hands on data, they typically unload it very quickly,” the Trustev spokesperson said. “So like I said, it’s not definitely T-Mobile/Experian, but it’s extremely likely considering the type of data and timing.”

Screen Shot 2015-10-02 at 12.05.14 PM

Experian claims that no payment card or banking information was obtained in the hack. Even if that’s true, fraudsters and identity thieves can often piece together a full consumer profile using the type of data stolen from Experian.

Experian said Thursday that the stolen T-Mobile records contained name, address, Social Security number, date of birth, identification number (typically a driver’s license, military ID, or passport number) and additional information used in T- Mobile’s own credit assessment.

The company said in a blog post that the data was stolen when hackers attacked a server which contained personal information from consumers who applied for T-Mobile USA postpaid services between Sept. 1, 2013 and Sept. 16, 2015.

“At this time, we have no indication that T-Mobile’s information has been used inappropriately,” Experian said in a Q&A about the hack.
Screen Shot 2015-10-02 at 12.05.28 PM



VentureBeat's mission is to be a digital town square for technical decision-makers to gain knowledge about transformative technology and transact. Our site delivers essential information on data technologies and strategies to guide you as you lead your organizations. We invite you to become a member of our community, to access:
  • up-to-date information on the subjects of interest to you
  • our newsletters
  • gated thought-leader content and discounted access to our prized events, such as Transform 2021: Learn More
  • networking features, and more
Become a member