If you’re just waking up this morning and are a T-Mobile or Experian customer you’re in for quite the shock.
According to multiple news reports, and confirmed by T-Mobile’s CEO John Legere himself, Experian (T-Mobile’s credit processing vendor) experienced a data breach that may affect as many as 15 million people.
Here’s what we know so far:
- The data breach was Experian’s fault, not T-Mobile’s
- Information such as names, addresses and birthdays were definitely compromised
- Encrypted fields such as social security numbers and other ID numbers (such as driver’s license and passport numbers) may have also been compromised
- Experian handles data for T-Mobile’s credit checks that every customer is put through before a phone is leased to them
- The data breach potentially affects anyone who signed up for T-Mobile service and had a subsequent credit check between September 1, 2013 and September 16, 2015
Based off the facts that we currently have, T-Mobile’s data breach is reminiscent of Target’s 2014 breach that occurred right around the holiday season. However, since T-Mobile provides cellular and data services to its customers, the threat here lies in the fact that the heist contained stolen personal data rather than credit and debit card numbers.
This of course is not a silver lining for T-Mobile. As a mobile services provider that is trying to climb the ranks in the mobile world and take the No. 1 or 2 positions away from the likes of Verizon and AT&T, this is a big blow. Data breaches like these bring the trustworthiness of a company into question, and the fact that the breach occurred on the end of a third-party vendor contract, the question of leadership for the company is also brought into question.
With that said, the steps T-Mobile has taken in the wake of this breach to answer consumer’s questions and put their minds at ease is impressive and a course of action all major companies should take, or at least consider, if and when a data breach finally hits them.
Let’s now take a deeper look at three ways T-Mobile correctly handled this crisis:
- Legere’s letter to consumers: When T-Mobile customers log in to their online account pages today, they’ll notice two alerts that weren’t there the night before. One is a letter from Leger “in response to the Experian security incident.” This is important for a few reasons. First and foremost, Legere reinforces the provider’s image as “the un-carrier” by opening up with; “I’ve always said that part of being the Un-carrier means telling it like it is. Whether it’s good news or bad, I’m going to be direct, transparent and honest.” And he doesn’t hold back in his letter by immediately diving into important details customers need to know, identifying where the problem occurred, taking responsibility for contracting the vendor (and mentioning they may no longer be contracted by T-Mobile) and finally acknowledging that this incident has made his company less trustworthy and that he will fight to gain that trust back every day. As we discussed in a previous post, honesty will get you everywhere, and Legere’s letter is the right move at the right time for T-Mobile.
- Answering FAQs: The second alert T-Mobile customers will find, below Legere’s letter, is Experian’s FAQ on the data breach. Clicking the link brings you to Experian’s website, a move that was most likely done out of a feeling of obligation. However, T-Mobile didn’t simply call it a day by providing users with a link to Experian’s damage control page. T-Mobile also went as far as to provide their own FAQ with additional T-Mobile-specific FAQs. This shows customers that the company is going the extra mile to get them the information they need to help address any issues that they may experience because of this breach. The FAQ is a small gesture, but it’s one that hopefully won’t go unnoticed by customers.
- Helping customers protect their IDs: As you might notice, a lot of the good T-Mobile has done throughout this unfortunate situation has been in providing consumers with resources for the potential problems they may be experiencing. T-Mobile left no stone unturned in providing resources for their consumer base. Considering the fact that sensitive personal information might have been breached, T-Mobile’s CEO’s letter to customers also included a link to protectmyID.com/securityincident to take advantage of two years of free credit monitoring and identity theft resolution services. This service is provided by Experian specifically for this security incident and provides consumers with $1 million identify theft insurance coverage.
At the end of the day, no company, brand or organization wants to be on T-Mobile’s end of a data breach, especially when the security failure was the responsibility of a third-party vendor. However, when incidents like these occur, they serve as an unwelcomed opportunity to show your consumers exactly where you stand. T-Mobile definitely rose to the occasion and handled this data breach incident to the best of their abilities.