Check out the on-demand sessions from the Low-Code/No-Code Summit to learn how to successfully innovate and achieve efficiency by upskilling and scaling citizen developers. Watch now.


T-Mobile data stolen from the servers of credit bureau Experian is already showing up for sale on the Dark Web, says one security firm.

The Irish fraud prevention startup Trustev, which monitors such data sales listings, sent VentureBeat screen shots of listings of data it believes originated from the Experian theft, which was reported Thursday.

Experian failed to protect the personal data of 15 million consumers who were applying for T-Mobile postpaid services.

“This morning they saw listings go up for FULLZ data that matches the same types of information that just came out of the Experian hack,” the security firm’s spokesperson wrote in an email Friday.

Event

Intelligent Security Summit

Learn the critical role of AI & ML in cybersecurity and industry specific case studies on December 8. Register for your free pass today.

Register Now

Screen Shot 2015-10-02 at 12.04.55 PM

“Fullz” is a slang term used by hackers and data brokers to refer to a full package of an individual’s personal identifying information. Such data sets typically include an individual’s name, social security number, birth date, account numbers, and other data.

“Once fraudsters get their hands on data, they typically unload it very quickly,” the Trustev spokesperson said. “So like I said, it’s not definitely T-Mobile/Experian, but it’s extremely likely considering the type of data and timing.”

Screen Shot 2015-10-02 at 12.05.14 PM

Experian claims that no payment card or banking information was obtained in the hack. Even if that’s true, fraudsters and identity thieves can often piece together a full consumer profile using the type of data stolen from Experian.

Experian said Thursday that the stolen T-Mobile records contained name, address, Social Security number, date of birth, identification number (typically a driver’s license, military ID, or passport number) and additional information used in T- Mobile’s own credit assessment.

The company said in a blog post that the data was stolen when hackers attacked a server which contained personal information from consumers who applied for T-Mobile USA postpaid services between Sept. 1, 2013 and Sept. 16, 2015.

“At this time, we have no indication that T-Mobile’s information has been used inappropriately,” Experian said in a Q&A about the hack.
Screen Shot 2015-10-02 at 12.05.28 PM

 

VentureBeat's mission is to be a digital town square for technical decision-makers to gain knowledge about transformative enterprise technology and transact. Discover our Briefings.