It seems that data breaches are becoming more and more common recently, in the last week there have been two more high profile cases with both Experian & Scottrade officially announcing that their systems have been compromised.
Experian/T-Mobile
On October 1st Experian confirmed that personal information of approximately 15 million consumers that applied for a T-Mobile post-paid services from Sept. 1, 2013 through Sept. 16, 2015. The following information was stolen:
- Name
- Address
- Social Security Number
- Date of Birth
- Identification number (typically a driver’s license, military ID, or passport number)
- Additional information used in T-Mobile’s own credit assessment were accessed
No payment card or banking information was stolen. If you information was accessed during this breach, you’ll be notify by mail and also have access to two years of free credit monitoring and identity theft resolution from protectmyid (this is required by law in the event of a data breach). You can access this at the following address:Â https://www.protectmyid.com/securityincident
Given that Experian specializes in compiling and maintaining data like this, it’s extremely worrying that somebody was able to access this information on their servers. I’d be surprised if T-Mobile continues to use Experian in the future, with a letter from their CEO stating:
Obviously I am incredibly angry about this data breach and we will institute a thorough review of our relationship with Experian, but right now my top concern and first focus is assisting any and all consumers affected
Scottrade
Scottrade’s data breach goes back much further, they recently released a statement that says that the personal data of approximately 4.6 million past & present Scottrade customers was accessed in late 2013/early 2014. They believe that the attackers were primarily focused on the names and addresses of Scottrade customers, although other information (such as Social Security Numbers) was stored on the same server that was accessed. Scottrade said they had no reason to believe that the trading platform or client funds were compromised in anyway.
Scottrade will provide one year of free credit monitoring through AllClearID, details of how to sign up will be included in the direct correspondence that Scottrade sends to customers that are affected.
What Should You Do
Even if you’re not the victim of one of these data breaches, you should always keep an eye out for suspicious behavior when it comes to your identity. There are a few simple things you can do:
- Use a free credit monitoring service to ensure nobody is using your identity to get credit in your name
- Regularly check your credit reports for anything unusual
- Always shred documents that contains personal information
- Follow up on anything that seems or looks suspicious
All of the really sensitive information in both cases (e.g social security numbers) was encrypted, which is a good thing but it’s amazing the damage people can do with such a little amount of information. I would have thought and hoped that two companies in the financial industry would have much better security than they apparently did.
