Hackers stole the personal data of 15 million T-Mobile customers by going after the company that processes the wireless carrier's credit checks.
The company, Experian, said on Thursday that it experienced a breach that nabbed customer data from September 1, 2013, to September 16, 2015.
The stolen data includes names, birth dates, addresses, and Social Security and drivers' license numbers, but not credit card or payment information, Experian said. Experian stores the data when it runs a check on a customer's credit score to determine whether they qualify for service, and what promotions they're able to take advantage of. As a result, anyone who went through a credit check, whether it's an existing or former customer, or even an applicant that opted to switch right after the approval process, is at risk.
The breach marks the latest high-profile compromising of personal data, which has included the US government losing the information of 4 million federal workers and health insurer Excellus BlueCross BlueShield seeing 10 million health records exposed. Last year, Home Depot and Target were among the major companies hit by hackers in what have become increasingly dangerous cyberwaters.
T-Mobile CEO John Legere warned his customers in a tweet, blog post and frequently asked questions page. "Obviously I'm incredibly angry about this data breach and we will institute a thorough review of our relationship with Experian, but right now my top concern and first focus is assisting any and all consumers affected," he said.
The 15 million people hit by the breach represent more than a quarter of Bellevue, Washington-based T-Mobile's 58.9 million customers, although some of the affected are no longer subscribers. Experian, which is taking responsibility for the breach, said it's in the process of notifying customers who may be affected. Both existing and former customers would receive letters next week, according to a T-Mobile spokesman.
The company is offering two years of credit monitoring and identity protection services through ProtectMyID, which it owns. Any T-Mobile customers, regardless of whether they were affected, can take advantage of the offer here. An Experian spokesman said the fraud resolution service would be available for as long as customers need it.
"We take privacy very seriously and we understand that this news is both stressful and frustrating," said Craig Boundy, chief executive of Experian North America. The company also warned customers to be wary of email and the like; neither T-Mobile nor Experian will contact its customers to seek personal information in connection with the breach.