-
Customers who used a payment card between May 19, 2014 and June 2, 2015, may have had their full set of card data stolen.
October 1 -
In updating cards with EMV technology, Visa and MasterCard have neglected an important element of what makes the security standard so successful elsewhere. The need for PIN verification is clear.
October 1 -
Banks are starting to lay traps for cybercriminals that have broken through their defenses.
September 14 -
Visual hacking has emerged as a dangerously straightforward way to pierce banks' complex security systems. Here's how banks can ward off malevolent shoulder-surfers.
September 8
A server containing sensitive consumer information at Experian has been breached, with the records of as many as 15 million T-Mobile customers stolen, the companies said Thursday.
There is no evidence that the stolen information has been used for fraud, the firms said.
The news came at the same time as the American Bankers Association separately said that email addresses and passwords used to make purchases or register for events through its online shopping cart had been compromised. At least 6,400 users' records had been posted online, the trade group said, though there was no evidence that credit card or other personal financial information had been accessed.
The breaches underscore the escalating cyber threats facing the financial services industry, which businesses and consumers entrust to protect valuable private information.
In the incident at Experian, the affected customers had applied for device credit or credit checks from T-Mobile from September 2013 through mid-September of this year. The breach was "an isolated incident" limited to one Experian client, T-Mobile, at an Experian unit called Decision Analytics, and did not affect the information services giant's consumer credit bureau business, the company said.
"Records containing a name, address, Social Security number, date of birth, identification number (typically a driver's license, military ID, or passport number) and additional information used in T- Mobile's own credit assessment were accessed," Experian said in a frequently asked questions
"Obviously I am incredibly angry about this data breach and we will institute a thorough review of our relationship with Experian," Legere wrote, though at the moment his priority is helping affected customers. "I take our customer and prospective customer privacy VERY seriously."
A spokeswoman for Experian said the encryption issue was "still under investigation," but that early assessments indicate its keys could indeed have been compromised.
Experian said that when it discovered the breach, it "took immediate action, including securing the server, initiating a comprehensive investigation, and notifying U.S. and international law enforcement." It is notifying affected customers and offering them two years' free credit monitoring and identity resolution services.
Similarly, the ABA said in an email to members that it is "working with a cybersecurity forensics company to identify the origin and full extent of this breach." In the meantime, the trade group has reset user passwords and is encouraging members to log in and create new ones. The ABA did not immediately respond to an email seeking further comment.
Experian has had data leak issues before. Earlier this year, the company was hit with a class-action lawsuit for allegedly selling consumer records containing personally identifiable information to an identity thief. The data sales in question were conducted by a consumer data