Data hack hits 350,000 T-Mobile customers in Arizona

A credit-bureau data breach might affect 15 million people - including over 350,000 people in Arizona who sought to become T-Mobile customers in the past two years, according to a statement from Arizona attorney general Mark Brnovich.

T-Mobile customers were yesterday urged to place fraud alerts on their credit reports as soon as possible, by the attorney general.

Identification information of customers who applied for T-Mobile services between 1 September, 2013, through 16 September 2015, was exposed with the hack.

Experian said victims' Social Security numbers, passport numbers, driver's licenses, names and addresses were exposed in the breach.

''Consumers need to take extra steps to safeguard against identity theft when a Social Security number is stolen, versus a stolen credit-card number," Brnovich said, azcentral.com reported. "Putting a fraud alert on your credit is the best way to protect yourself.''

Credit reports with fraud alerts require businesses to verify identity before issuing credit and they also made it more difficult for identity thieves to open an account under a stolen name, according to a statement from Brnovich's office.

In its FAQ explaining the data breach, Experian said it was investigating the breach and working with law enforcement to get to the bottom of the matter.

By Wednesday, as many as five lawsuits were under way against T-Mobile and Experian, all seeking class-action status to represent persons affected by the breach.

Companies and government agencies had been adopting stringent measures to counter hackers as they targeted troves of personal data that could be sold on the black market and used for carrying out financial crimes.

''What makes the most recent breach so ironic is that Experian holds itself out as an expert in the field of data protection, touting its revenues in this area in the amount of $4 billion annually,'' one of the plaintiffs said in a complaint.

Experian Information Solutions Inc, the US unit of London-based Experian, stored the data on its servers to perform credit checks on current and potential T-Mobile customers.

According to the plaintiffs, who accuse the companies of negligence and violations of consumer protection laws, the stolen data was already appearing for sale in corners of the internet known as the dark web.

''Obviously I am incredibly angry about this data breach and we will institute a thorough review of our relationship with Experian, but right now my top concern and first focus is assisting any and all consumers affected,'' John Legere, T-Mobile's chief executive officer, wrote earlier in a letter to consumers.