NCSA statement following report of data breach at Experian, Exposing T-Mobile Customer Data


Following a massive data breach at Experian, 15 million current or former T-Mobile customers woke up this morning to unsettling news: their sensitive personal information – names, addresses, Social Security numbers, birthdays and unique identification numbers – is now likely in the hands of malicious hackers.   

According to news reports, this is not the first time Experian has faced a data breach of this nature. It’s not surprising that data brokers or credit bureaus ‒ who collect millions of people’s most private details – are prime targets for cybercriminals, but it is disconcerting. More than 80 percent of data breach victims firmly place the responsibility of protecting their information on data brokers, according to a new victim impact survey by the Identity Theft Resource Center. Following a string of recent attacks on Experian and others, it is clear that data brokers need to do more to meet consumers’ expectations.

“When consumers entrust companies with their personal information, they expect their data to be stored as safely and securely as possible and their privacy protected,” said Michael Kaiser, executive director of the National Cyber Security Alliance. “Learning that this trust has been broken – through no fault of their own – can be highly distressing. As much as we have come to rely on technology, we must do so with the understanding that it is not risk-free. We urge anyone impacted by this incident to take actionable steps to better protect their digital data, such as by turning on two-factor authentication on email and financial accounts, not clicking on suspicious links, and using public WiFi wisely.”

This breach occurs at the start of National Cyber Security Awareness Month, co-led by the Department of Homeland Security and the National Cyber Security Alliance, and serves as a reminder of the need for everyone to take steps to be safer and more secure online. It is a good time to remind consumers impacted by this breach – and everyone else – to take the following proactive steps to better secure their digital lives: 

  1. Get two steps ahead and protect core accounts ‒ such as email, financial services, and social networks ‒ with multifactor authentication. Multifactor authentication requires a second step, such as a text message to a phone or the swipe of a finger to be used in addition to a password to log on to an account. This second step makes it significantly harder for accounts to be accessed by others. Email accounts in particular are extremely important to protect as once breached, hackers can use them to reset passwords and credentials for other accounts. For more information visit
  2. Clean and keep clean all machines. Immediately update all software on every Internet-connected device. All critical software including PCs and mobile operating systems, security software and other frequently used software and apps should be running the most current versions.
  3. Monitor activity on your financial and credit cards accounts. If appropriate, implement a fraud alert or credit freeze with one of the three credit bureaus (this is free and may be included if credit monitoring is provided post breach). For more information, visit the Federal Trade Commission website:
  4. Change passwords on accounts that don’t offer multifactor authentication. Change and make better passwords. Passwords should be strong and easy to remember. It is always better if they are longer and consist of combinations of passphrases, numbers and symbols. Important accounts should have unique passwords not used to access any other accounts.
  5. When in doubt, throw it out. Scammers and others have been known to use data breaches and other incidents to send out emails and posts related to the incident to lure people into providing their information. Delete any suspicious emails or posts and get information only from legitimate sources.

Data breaches have become more commonplace, and everyone should take these simple, actionable steps to protect themselves online. It is also important to respond quickly in the wake of hearing or suspecting that personal information has been lost or stolen.


Other helpful resources include: (general online safety and security information)  (the Federal Trade Commission’s website to guide consumers after your information is lost (resources for small and medium businesses and information about consumer scams and fraud) (for help with identity theft)

If you believe you have been the victim of a cybercrime you can report it to:  The Internet Crime Complaint Center at


Media Contact

Jessica Beffa