On October 1, Experian admitted full responsibility for the loss of T-Mobile customer data. 15 million user records dating back to 2013 were effected in the data breach, with data including sensitive information that may be decryptable like social security numbers and drivers licenses. The news articles say it all. What is terrifying about this breach is not the shear volume of data stolen – we have seen this before – but the amount of time it took to steal it all. A whopping two days! The breach occurred approximately two weeks ago and was detected within two days. The fault was promptly secured but the damage was done in a very short timeframe even with extensive forensics to determine the scope.
Considering that many recent breaches occurred over the course of months or even years, it is refreshing to see that this breach was identified so quickly, and even more encouraging that Experian has taken full ownership of the breach. The problem is that even after two days, detection was not fast enough to mitigate the loss. While details around how the data breach was conducted have not been released, we can only hope it was not as blatant as the poor security practices implemented by Target.
As a data aggregator, Experian truly has the "keys to the kingdom" for many individuals and this breach only emphasizes how important it is to secure sensitive information, encrypt the data, remediate vulnerabilities, and monitor for all privileged access to information.
As details become available, BeyondTrust will continue to monitor the breach and provide updates via our blogs and media outlets. If you have any questions on how BeyondTrust can help secure privileged access to sensitive data, please feel to contact us here.
Morey J. Haber, Chief Technology Officer and Chief Information Security Officer at BeyondTrust
Morey J. Haber is Chief Technology Officer and Chief Information Security Officer at BeyondTrust. He has more than 25 years of IT industry experience and has authored four Apress books: Privileged Attack Vectors (2 Editions), Asset Attack Vectors, and Identity Attack Vectors. In 2018, Bomgar acquired BeyondTrust and retained the BeyondTrust name. He originally joined BeyondTrust in 2012 as a part of the eEye Digital Security acquisition. Morey currently oversees BeyondTrust strategy for privileged access management and remote access solutions. In 2004, he joined eEye as Director of Security Engineering and was responsible for strategic business discussions and vulnerability management architectures in Fortune 500 clients. Prior to eEye, he was Development Manager for Computer Associates, Inc. (CA), responsible for new product beta cycles and named customer accounts. He began his career as Reliability and Maintainability Engineer for a government contractor building flight and training simulators. He earned a Bachelor of Science degree in Electrical Engineering from the State University of New York at Stony Brook.