The personal info of 15 million T-Mobile USA customers stolen in the recently revealed Experian breach is possibly being already sold on the Dark Web.
Irish fraud prevention company Trustev, which keeps an eye on data sale listings popping up on underground online markets, says that listings that offer “fullz” that contain the name, Social Security number, date of birth, driving licence number, email address, phone number, and physical address of US-based individuals, have been popping up a day after the breach and data theft was made public.
It’s still not confirmed that the data for sale originated from the T-Mobile/Experian hack, but as a Trustev spokesperson told Venture Beat, “it’s extremely likely considering the type of data and timing.”
Following the revelation of the breach, T-Mobile CEO John Legere said they will be reviewing their relationship with Experian.
In the meantime, affected customers made their feelings known about the fact that Experian offered them their own ProtectMyID credit monitoring and identity resolution services. They (sensibly) asked themselves whether they want the company who failed to protect their data be in charge of protecting them against the malicious exploitation of that data, and concluded that they don’t want to.
So T-Mobile made Experian offer an alternative for fraud monitoring services (TransUnion’s CSID service):
For everyone who’s been hit by this breach and other similar ones, Motherboard has some good advice on what to do to protect themselves.