back to article Experian, T-Mobile US settle data spills for mere $16m

Experian and T-Mobile US have reached separate settlements with 40 states in America following a pair of data security breaches in 2012 and 2015. The settlement will net authorities $16 million, along with assurances it won't happen again. Experian will be bearing the largest brunt of the fine, with $14 million coming from the …

  1. Kevin McMurtrie Silver badge

    Maybe 1 penny per spam

    I've received maybe 200 SMS spams for fake stores hosted by a gang with a consistent hosting combination of Namecheap, Salesforce, Amazon, Cloudflare, High Speed Web, and Google. Some of those systems have trivial APIs that can be browsed to examine the database. My information source was listed as T-Mobile.

    I'd like to give a special F-U to T-Mo for leaking my data and the lawyers for making sure there's no meaningful compensation. That's on top of the ongoing F-U to Namecheap, Salesforce, Amazon, Cloudflare, High Speed Web, and Google for playing dumb (or being authentically dumb) when they receive an abuse complaint.

    1. the spectacularly refined chap

      Re: Maybe 1 penny per spam

      Bollocks. There's so much that doesn't ring true here that I simply can't enumerate it.

      If you had the evidence you describe it'd be a slam dunk in court or for any regulator. I very much doubt any hacker expecting a profit would have a "database" on the host system to gain access to with your expert knowledge, it'll be a simple list to blast through.

      I could carry on more or less forever but the bell for last orders has just gone.

      1. Kevin McMurtrie Silver badge

        Re: Maybe 1 penny per spam

        Plenty of scammers have large, long-running infrastructures. This specific scammer had REST services at that was used to pre-populate web forms and downstream trackers. You could query it with parameter 'phone' from 0000000000 to 9999999999 and get back JSON describing all customers' names, addresses, gender, age, various PI, successful scams, and the origin of the data. It was quite fun to explore. The scammer eventually caught on and switched to using identifier codes rather than plain text.

        The scammer is rotating domain names but still alive and well on the same infrastructure. Have your browser impersonate an iPhone and load while recording requests.

    2. This post has been deleted by its author

  2. Missing Semicolon Silver badge

    Validated IT expenditure decisions

    Much, much cheaper to pay the fines ("settlements") than spend money on actual security.

    Security breaches are virtually free. It seems the fines are inversely proportional to the number of affected people.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like