Breach may have exposed 15 million T-Mobile records
A hacker has acquired the records of 15 million T-Mobile customers and people who had applied for credit, the company reported Thursday.
The breach occurred at Experian, the vendor that processes TMobile’s credit applications, TMobile CEO John Legere said at t-mobile.com.
Experian North America said in a notice that one of its business units was compromised but that its consumer credit bureau was not affected. Experian immediately secured the server and began an investigation.
It has notified both U.S. and international law enforcement. Experian North America’s parent company, Experian, is headquartered in Dublin, Ireland.
“The investigation is ongoing, but what we know right now is that the hacker acquired the records of approximately 15 million people, including new applicants requiring a credit check for ser- vice or device financing from September 1, 2013 through September 16, 2015,” Legere wrote.
In a refreshing change from the corporate-speak often used by CEOs whose businesses are breached, T-Mobile’s Legere stayed true to form with his directness.
“Obviously I am incredibly angry about this data breach,” he said, saying that he would conduct a “thorough review” of his company’s relation- ship with Experian but that his top concern for now was “assisting any and all consumers affected.”
The compromised information includes customers’ names, addresses and birth dates as well as encrypted fields with Social Security number and ID number, which could be a driver’s license or passport number.
Experian told T-Mobile the encryption protecting those num- bers may have been compromised, Legere said.
Experian and T-Mobile have set up two years of free credit monitoring and identity resolution services for compromised customers.
The service is being offered through Experian’s own credit monitoring service.
Experian cautioned consumers that neither Experian nor T-Mobile would call them or send them messages asking for personal information in connection with the breach.