On the Experian/T-Mobile Data Breach

It finally happened. After somehow dodging a series of high-profile (and ever larger, or not?) data breaches at the likes of Sony, TJMaxx, LivingSocial, EBay, Target, HomeDepot, the IRS, JP Morgan Chase, Anthem and more, I’ve finally been notified that I might be impacted by the latest data breach at Experian.

The letter I got from Experian is chock full of corporate euphemisms. Here’s my attempt at reading between the lines:

Experian - Regarding T-Mobile Data Breach

Experian has a not-very-helpful FAQ page on this. Here’s a gem from that page:

Q: Isn’t all of my personal data that was exposed enough to steal my identity?

A: The information that was exposed could lead to an increased risk of identity theft. Although we have no evidence suggesting your personal information has been misused, we take our obligation to help you protect your information very seriously, and deeply regret that this has happened.

WTF? So you’re saying leaking my name, address, SSN, driver’s license and more “could lead to an increased risk of identity theft”? Gee, thanks for clarifying. And I’m thrilled to hear there’s no evidence my personal information has been misused (yet). Should I also take comfort in knowing my information is out there, probably getting packaged up to be sold on the dark web? And yes, your deep regret is exactly what I need in this time of need.

Here’s another gem from “What steps have you taken to remediate the issue?”

assessing and removing malware or improper connectivity

That’s right folks, Experian’s production systems have malware and/or “improper connectivity”. I don’t even have words.

Can someone please disrupt the “credit score” industry please. The level of incompetency is mind-boggling.

But here’s the kicker. Experian is providing complementary 2 yr credit monitoring via ProtectMyId — the sole reason d’aitre of this service is to provide monitoring for users impacted by Experian data breaches it seems! Note also that this isn’t the first time Experian has lost user data. There was another “incident” back in 2012/2014.