Hackers have gained access to the personal information of around 15 million T-Mobile customers that was held on a server owned by credit bureau Experian. Experian was storing the T-Mobile users’ data following credit checks initiated by T-Mobile.
In a letter to customers, T-Mobile CEO John Legere acknowledged the breach and added some details:
the investigation is ongoing, but what we know right now is that the hacker acquired the records of approximately 15 million people, including new applicants requiring a credit check for service or device financing from September 1, 2013 through September 16, 2015. These records include information such as name, address and birthdate as well as encrypted fields with Social Security number and ID number (such as driver’s license or passport number), and additional information used in T-Mobile’s own credit assessment.
Experian’s Q&A on the breach can be found here.
Experian is offering affected T-Mobile customers 2 years of free identity theft protection via ProtectMyID. BillGuard users who were exposed to this breach may activate their free ProtectMyID subscription directly in BillGuard.