Update 10/03/2015: T-Mobile has clarified that not all of those affected in the breach are customers and some may have been just applicants to its services. It has provided the following comment: “We know some (not all) T-Mobile customers are affected, and we also know that a substantial portion of that 15M are not T-Mobile customers. We don’t want this latter group thinking they’re OK, when they could be at risk. E.g. they could have applied for service and now be using another wireless provider, so they won’t think this applies to them. We need to get this message out more accurately, so they sign up for protection services.”
Original text: More than 15 million postpaid customers have been impacted by a data breach involving T-Mobile, where names, addresses, and social security numbers were revealed. The “unauthorized acquisition of personal information” actually occurred on a server of the consumer credit agency Experian, and T-Mobile is one of its clients.
Experian said in a blog post today that it discovered the hack on September 15, adding that the hack affected customers over a two-year period. Although the hack exposed some sensitive personal information, Experian stated that no payment card or banking information was accessed by the hackers.
“The unauthorized access was in an isolated incident over a limited period of time,” the blog post said. “It included access to a server that contained personal information for consumers who applied for T-Mobile USA postpaid services between Sept. 1, 2013 and Sept. 16, 2015.”
Experian says that it has seen no evidence that any of the data affected has been used inappropriately, but it notified federal and international authorities. The company is contacting those affected, and — as is common practice following a data breach — will be providing free credit monitoring services.
In his own post, John Legere, T-Mobile CEO said he was “incredibly angry” about the breach and that T-Mobile would be reviewing its business relationship with Experian. Legere did stress that none of T-Mobile’s systems have been compromised in the hack.
“I take our customer and prospective customer privacy VERY seriously,” Legere wrote. “This is no small issue for us. I do want to assure our customers that neither T-Mobile’s systems nor network were part of this intrusion and this did not involve any payment card numbers or bank account information.”
If you’re a T-Mobile customer, and you think your information may have been compromised in this hack, you can check out Experian’s website for more info and to sign up for credit monitoring services through ProtectMyID.