DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

T-Mobile customers affected by the Experian breach can sign up with CSID for identity protection services

Posted on October 6, 2015 by Dissent

If you are a T-Mobile customer whose data was caught up in the Experian breach, there is now an alternative to the two-year offer of Experian’s ProtectMyID service. T-Mobile has made arrangements with CSID as an alternative. You can read the details and sign up at https://www.csid.com/t-mobile/ . Thanks to Steve Ragan for sharing that info with me.

Although John Legere announced the availability of an alternate product earlier today on Twitter, the CSID alternative is being dealt with somewhat strangely on Experian’s breach web site, T-Mobile’s breach web site, and on Twitter. Experian’s breach info page simply says:

Those affected by this incident can obtain more information or enroll in these services by:

  • Visiting www.ProtectMyID.com/SecurityIncident
  • Calling 866-369-0422 to enroll in ProtectMyID or the alternative identity protection product
  • Sending an email with questions to [email protected]

Did you catch it? If you go to the url in the first bullet, you can conveniently sign up online for ProtectMyID (Experian’s product), but you have to call them to enroll in the unnamed alternative product – even though there’s a web page and url they could have directed you to.

And watching Twitter today, it seems that at least some of those who called the number to ask about the “alternative identity protection product” reported being told that the unnamed product was not available. Hopefully, Experian’s sorted that out by now, but T-Mobile USA would not answer my question as to why neither Experian nor T-Mobile would name the alternative product on the breach FAQ web sites or on Twitter. Was some kind of deal cut? You’d think T-Mobile – owing a duty to its customers and applicants – would be more transparent in announcing the availability of another identity protection service as an alternative to Experian’s own product.

So why has T-Mobile studiously avoided naming CSID as an alternative offering, and why hasn’t Legere and/or T-Mobile USA provided direct links to the CSID sign-up in both their tweets and on T-Mobiles breach FAQ?

In any event, do keep in mind that neither of the available services will prevent identity theft. If you’re really concerned, you should follow the steps under your state’s law to place a security freeze with credit reporting agencies (Equifax has a helpful chart with state by state information). A less extreme measure is to place a fraud alert on your credit reports.

So far, both companies maintain that there is no evidence of misuse. Other than one company, Trustev, that reported seeing  data that could be from this incident up for sale on the dark web, I have not seen any other such reports.

The Good and the Bad

To my knowledge, T-Mobile is the first company to ever make arrangements for a non-Experian product in the wake of an Experian data breach. I give them credit for that, BUT: why was the Experian product in their contract initially instead of an alternative? And how many other businesses that contract with Experian have contracts that specify that Experian can provide (only) its own product (e.g., ProtectMyID) in the event of a breach?

As I complained to the FTC in 2012, Experian should not be allowed to offer only its own product to consumers in the event Experian has a data breach – particularly since those same consumers may continue with Experian after the “complimentary” period ends, thereby increasing Experian’s revenues as a result of the breach.

Can you hear me now, FTC?

No related posts.

Category: Business SectorOf NoteU.S.

Post navigation

← Danish Bank Leaves Server in Debug Mode, Exposes Sensitive Information in JavaScript Comments
FBI probe of Clinton e-mail expands to second data company →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Russia Jailed Hacker Who Worked for Ukrainian Intelligence to Launch Cyberattacks on Critical Infrastructure
  • Kentfield Hospital victim of cyberattack by World Leaks, patient data involved
  • India’s Max Financial says hacker accessed customer data from its insurance unit
  • Brazil’s central bank service provider hacked, $140M stolen
  • Iranian and Pro-Regime Cyberattacks Against Americans (2011-Present)
  • Nigerian National Pleads Guilty to International Fraud Scheme that Defrauded Elderly U.S. Victims
  • Nova Scotia Power Data Breach Exposed Information of 280,000 Customers
  • No need to hack when it’s leaking: Brandt Kettwick Defense edition
  • SK Telecom to be fined for late data breach report, ordered to waive cancellation fees, criminal investigation into them launched
  • Louis Vuitton Korea suffers cyberattack as customer data leaked

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • On July 7, Gemini AI will access your WhatsApp and more. Learn how to disable it on Android.
  • German court awards Facebook user €5,000 for data protection violations
  • Record-Breaking $1.55M CCPA Settlement Against Health Information Website Publisher
  • Ninth Circuit Reviews Website Tracking Class Actions and the Reach of California’s Privacy Law
  • US healthcare offshoring: Navigating patient data privacy laws and regulations
  • Data breach reveals Catwatchful ‘stalkerware’ is spying on thousands of phones
  • Google Trackers: What You Can Actually Escape And What You Can’t

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.