Skip to main content

Data stolen from Experian already being sold online

Experian is already feeling the consequences of the recent hack in which full data of more than 15 million users has been stolen.

Irish security startup Trustev has told VentureBeat that the data stolen is already being sold on the dark web. “This morning they saw listings go up for “FULLZ” data that matches the same types of information that just came out of the Experian hack,” the security firm said.

“FULLZ” is a slang term describing a full data set which includes an individual’s name, social security number, birth date, account numbers, and other data.

This matches exactly the data stolen from Experian last week: for each of 15m people who applied for a T-Mobile contract between September 1, 2013 and September 16, 2015, data accessed by hackers included their name, address, Social Security number, date of birth, identification number (typically a driver’s license, military ID, or passport number) and additional information used in T- Mobile's own credit assessment.

However, data being sold online is not the worst thing that can happen to Experian, Telegraph’s Madhumita Murgia ssays. What’s even worse is that this data can be cross-referenced to anonymous health records, as well.

“If a hacker can gain access to these health records, or any anonymized health datasets made available to commercial and academic research organizations, they can easily cross-reference the date of birth or address records from, say, the T-Mobile dataset (which does contain names), and find a person’s entire health record within minutes.”

The result of having your health or genetic data stolen has far more wide-ranging consequences than your financial identity, starting with simple blackmail, Telegraph concludes.