Fifteen million T-Mobile customers’ data has been stolen from credit checking organization Experian, and according to Irish security startup Trustev, the data is already for sale on the dark web.
Experian is one of the world’s largest data brokers, tracking, collecting, and compiling swathes of personalized data to sell to the highest bidder.
“This morning they saw listings go up for “FULLZ” data that matches the same types of information that just came out of the Experian hack,” Trustev told tech website VentureBeat.
“Fullz” is slang for a full package of an individual’s personal identity information.
— Anonymous (@GroupAnon) October 3, 2015
According to the data broker’s website, “there were no credit card numbers or account numbers contained in the file accessed, based on our investigation to date.”
But the threat posed by this latest hack attack is the potential for the personal data to be cross-referenced with other data sets, for example health records, exposing a fuller picture of personal information that could be sold on the dark net and bought by cyber criminals.
An anonymous computer software programmer told Sputnik that it is highly likely that the stolen data is already being cross referenced with other records.
“Absolutely. Anyone interested in buying personal data would want that data to be as information-rich as possible. Each breach adds more confidence in these data sets and gives them more value.”
And it’s not the first a big data firm has been hacked into. In 2014, hackers stole information from eBay, forcing customers to change their passwords. A cyber attack on Sony led to a huge data leak of personal emails.
In 2015, hackers claiming links to Islamic State terrorists hacked into US Central Command’s YouTube and Twitter accounts. Recently, hackers threatened to reveal the identity of users on the dating site for married people, Ashley Maddison.
In fact, in the case of the Ashley Maddison hack, swathes of data and user information had also been dumped on the dark web.
However, the hacking of 15 million T-Mobile users’ data from the Experian servers, and the potential for it to be matched up with other data sets not only exposes millions of people to identify fraud — but has the potential to disrupt the data broker’s business model, whose job is to track, collect, compile and sell swathes of data in the first place.