15 million T-Mobile records hacked, says Experian

Mobile malwareAround 15 million people who applied for T-Mobile wireless services in the past three years may have had their information stolen after hackers accessed Social Security numbers, birth dates, and other personal information via Experian.

Credit reporting agency Experian – which checks the credit of T-Mobile customers – said it spotted the breach earlier this week and immediately notified law enforcement authorities.

Both companies said that payment card and banking information were not affected but T-Mobile US Inc. CEO John Legere said in an open letter to consumers:

“Obviously I am incredibly angry about this data breach and we will institute a thorough review of our relationship with Experian, but right now my top concern and first focus is assisting any and all consumers affected.”

Third-party vendors have become an attractive target for hackers as they can be an easier way to access companies, especially large organizations. Some of the biggest data breaches in recent years – including Target and Home Depot – were caused because of poor supplier security.

There is hardly an organization that does not rely on suppliers, so it is vital that senior executives become more rigorous with their trading partners when it comes to information risk assurance. If suppliers are going to have access to a company’s data, then it is essential that they are subject to at least the same level of security as the company procuring their services.

Alan Calder, the founder and executive chairman of IT Governance, comments on Experian’s breach:

“Ensuring your suppliers – whether they be your vendors, lawyers, accountants, or, in this case, a credit reporting agency – follow robust information security practices is a must in the current high-risk technological climate. It is imperative that all of your suppliers have a clear and defined cybersecurity framework in place, for your sake as well as theirs.”

ISO 27001 – the globally recognized and highly recommended international standard – describes best practice for an information security management system (ISMS), and accredited registration to the Standard demonstrates that an organization is following international information security best practices.

If suppliers are going to have access to your data, then it is essential that they are subject to at least the same level of security as you.

Find out more about ISO 27001 with our free green paper >> Information Security and ISO 27001 – An Introduction