Experian announced on Thursday that one of its business units was hit by a serious data breach, exposing the personal information of over 15 million T-Mobile customers. T-Mobile uses Experian to assess potential customer’s credit worthiness.
While credit card information was not obtained, data acquired from T-Mobile includes names, dates of birth, addresses, and Social Security numbers. In some cases, ID like a drivers’ license or passport number was acquired, in addition to other information T-Mobile uses for credit assessments.
Customers who applied for T-Mobile postpaid services between the dates of September 1, 2013 and September 16, 2015 were affected. If you were affected, Experian will notify you, and will offer you two years of credit monitoring and identity protection via ProtectMyID.
I hear you re: Experian as service protection option. I am moving as fast as possible to get an alternate option in place by tomorrow.
— John Legere (@JohnLegere) October 1, 2015
T-Mobile CEO John Legere sent an open letter to T-Mobile customers, as well as posting on Twitter about the breach.
“Obviously I am incredibly angry about this data breach and we will institute a thorough review of our relationship with Experian, but right now my top concern and first focus is assisting any and all consumers affected. I take our customer and prospective customer privacy VERY seriously. This is no small issue for us. I do want to assure our customers that neither T-Mobile’s systems nor network were part of this intrusion and this did not involve any payment card numbers or bank account information.”
Experian says there is no evidence so far that the data obtained in the breach has been used by the bad guys, and also notes that steps have been taken to prevent additional attacks. This is known as the “oh, let’s close the barn door now,” method of protection.