Last week, consumer credit monitoring firm Experian admitted to a recent data breach that exposed the personal information of nearly 15 million T-Mobile US customers. The wireless telecommunications carrier had contracted with Experian to run credit checks of applicants to see whether they qualify for service or promotions. Anyone who completed a credit check application may have been affected; consumers who recently applied for service are reportedly most at risk. The hack was discovered on September 15, but, according to Experian, the hackers nabbed customer data from September 1, 2013 to September 16, 2015.
The stolen records include highly sensitive information, such as applicant names, addresses, and birthdates, and even encrypted data like Social Security or driver’s license numbers. No payment card information was taken, but there is still a risk: thieves can use the other kinds of personal information to steal someone’s identity and open new credit accounts or loans under a false name.
A spokesperson for Connecticut Attorney General George Jepsen said that the office plans to investigate the breach. The incident is just the latest occurrence in a string of high-profile data breaches in recent years. Other major companies hit by hackers in the past include BlueCross BlueShield, Home Depot, and Target.
In an open letter posted October 1 on T-Mobile’s website, CEO John Legere said, “Obviously I am incredibly angry about this data breach and we will institute a thorough review of our relationship with Experian. But right now my top concern and first focus is assisting any and all customers affected.” T-Mobile consumers who believe they may have been affected by the data breach can register for two years of free credit monitoring and identity theft protection through ProtectMyID. Experian is taking responsibility for the breach and is currently notifying customers whose information may have been compromised.