DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

T-Mobile customers affected by the Experian breach can sign up with CSID for identity protection services

Posted on October 6, 2015 by Dissent

If you are a T-Mobile customer whose data was caught up in the Experian breach, there is now an alternative to the two-year offer of Experian’s ProtectMyID service. T-Mobile has made arrangements with CSID as an alternative. You can read the details and sign up at https://www.csid.com/t-mobile/ . Thanks to Steve Ragan for sharing that info with me.

Although John Legere announced the availability of an alternate product earlier today on Twitter, the CSID alternative is being dealt with somewhat strangely on Experian’s breach web site, T-Mobile’s breach web site, and on Twitter. Experian’s breach info page simply says:

Those affected by this incident can obtain more information or enroll in these services by:

  • Visiting www.ProtectMyID.com/SecurityIncident
  • Calling 866-369-0422 to enroll in ProtectMyID or the alternative identity protection product
  • Sending an email with questions to [email protected]

Did you catch it? If you go to the url in the first bullet, you can conveniently sign up online for ProtectMyID (Experian’s product), but you have to call them to enroll in the unnamed alternative product – even though there’s a web page and url they could have directed you to.

And watching Twitter today, it seems that at least some of those who called the number to ask about the “alternative identity protection product” reported being told that the unnamed product was not available. Hopefully, Experian’s sorted that out by now, but T-Mobile USA would not answer my question as to why neither Experian nor T-Mobile would name the alternative product on the breach FAQ web sites or on Twitter. Was some kind of deal cut? You’d think T-Mobile – owing a duty to its customers and applicants – would be more transparent in announcing the availability of another identity protection service as an alternative to Experian’s own product.

So why has T-Mobile studiously avoided naming CSID as an alternative offering, and why hasn’t Legere and/or T-Mobile USA provided direct links to the CSID sign-up in both their tweets and on T-Mobiles breach FAQ?

In any event, do keep in mind that neither of the available services will prevent identity theft. If you’re really concerned, you should follow the steps under your state’s law to place a security freeze with credit reporting agencies (Equifax has a helpful chart with state by state information). A less extreme measure is to place a fraud alert on your credit reports.

So far, both companies maintain that there is no evidence of misuse. Other than one company, Trustev, that reported seeing  data that could be from this incident up for sale on the dark web, I have not seen any other such reports.

The Good and the Bad

To my knowledge, T-Mobile is the first company to ever make arrangements for a non-Experian product in the wake of an Experian data breach. I give them credit for that, BUT: why was the Experian product in their contract initially instead of an alternative? And how many other businesses that contract with Experian have contracts that specify that Experian can provide (only) its own product (e.g., ProtectMyID) in the event of a breach?

As I complained to the FTC in 2012, Experian should not be allowed to offer only its own product to consumers in the event Experian has a data breach – particularly since those same consumers may continue with Experian after the “complimentary” period ends, thereby increasing Experian’s revenues as a result of the breach.

Can you hear me now, FTC?

Category: Business SectorOf NoteU.S.

Post navigation

← Danish Bank Leaves Server in Debug Mode, Exposes Sensitive Information in JavaScript Comments
FBI probe of Clinton e-mail expands to second data company →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • ICE takes steps to deport the Australian hacker known as “DR32”
  • Hearing on the Federal Government and AI
  • Nigerian National Sentenced To More Than Five Years For Hacking, Fraud, And Identity Theft Scheme
  • Data breach of patient info ends in firing of Miami hospital employee
  • Texas DOT investigates breach of crash report records, sends notification letters
  • PowerSchool hacker pleads guilty, released on personal recognizance bond
  • Rewards for Justice offers $10M reward for info on RedLine developer or RedLine’s use by foreign governments
  • New evidence links long-running hacking group to Indian government
  • Zaporizhzhia Cyber ​​Police Exposes Hacker Who Caused Millions in Losses to Victims by Mining Cryptocurrency
  • Germany fines Vodafone $51 million for privacy, security breaches

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • The Decision That Murdered Privacy
  • Hearing on the Federal Government and AI
  • California county accused of using drones to spy on residents
  • How the FBI Sought a Warrant to Search Instagram of Columbia Student Protesters
  • Germany fines Vodafone $51 million for privacy, security breaches
  • Malaysia enacts data sharing rules for public sector
  • U.S. Enacts Take It Down Act

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.