A number of Michigan news sources such as the Detroit News are reporting that an indictment has been unsealed against five Detroit men who used T-Mobile USA records to find customers with good credit. They then allegedly opened accounts with HSBC to obtain credit that they used to purchase computers and other electronics from Hewlett Packard, which they then re-sold in the Detroit area. About 200 T-Mobile customers from 16 states reportedly had their data misused.
None of the media reports have indicated how the men obtained the T-Mobile customer data, and a call to the U.S. Attorney’s Office has not yet been returned. In 2006, T-Mobile had a breach that was never reported publicly until October 2008 when the company discovered that some of the data were for sale on the internet. Whether this breach is related to those reports or is related to another breach that may never have been publicly revealed remains to be seen.
(Thanks to Wilma of the Identity Theft Resource Center for alerting to me to this story)
See update here.