Hackers have compromised the personal information of 15 million T-Mobile customers after successfully infiltrating one of Experian’s servers.
John Legere, CEO of T-Mobile, has published a letter about the incident:
“We have been notified by Experian, a vendor that processes our credit applications, that they have experienced a data breach. The investigation is ongoing, but what we know right now is that the hacker acquired the records of approximately 15 million people, including new applicants requiring a credit check for service or device financing from September 1, 2013 through September 16, 2015. These records include information such as name, address and birthdate as well as encrypted fields with Social Security number and ID number (such as driver’s license or passport number), and additional information used in T-Mobile’s own credit assessment. [sic]”
As reported by The Register, the data is believed to have been taken from T-Mobile customers with postpaid accounts, or those who pay their charges after their monthly bills have been processed.
None of T-Mobile’s servers were affected by the incident.
Experian said in a statement that hackers succeeded in compromising a business unit containing customer information for T-Mobile, one of its clients. The global information services group believes that the encryption protecting customers’ personal data may have been compromised, though it has reassured its client base that neither its consumer credit base nor any other customers’ servers were hacked.
As a result of the incident, Experian has secured the affected server, initiated an investigation, and contacted law enforcement.
“We take privacy very seriously and we understand that this news is both stressful and frustrating. We sincerely apologize for the concern and stress that this event may cause,” said Craig Boundy, Chief Executive Officer, Experian North America. “That is why we’re taking steps to provide protection and support to those affected by this incident and will continue to coordinate with law enforcement during its investigation.”
Experian said that it has begun notifying all victims and that it is offering them two years of free credit monitoring. Anyone who believes their data was exposed in the breach can sign up for that monitoring here.
News of this hack follows several months after legal action was filed against Experian for its failure to detect that a customer of its data broker subsidiary was a scammer who sold resold customers’ identities to thieves for nearly 10 months.