If you ever applied for device financing or service from T-Mobile anytime in the last two years, your personal information might have been stolen by hackers.
T-Mobile says as many as 15 million people may have been affected by the data breach, an attack that didn’t compromise T-Mobile’s own systems but rather those of its credit partner — the data vendor and credit bureau Experian. To be clear, the hack hurts even non-subscribers to T-Mobile — credit applicants who for whatever reason ultimately went with another service.
One of our vendors, Experian, experienced a data breach. See what we’re doing about it: https://t.co/1oTcclmGXe
— John Legere (@JohnLegere) October 1, 2015
Experian says no credit card or banking data was stolen as part of the attack, which began in September 2013 and wasn’t discovered until two years later, on Sept. 15.
But just because your financial information may be safe doesn’t necessarily mean the rest of your personal information is secure: names, addresses, Social Security numbers, birth dates and driver’s license and passport numbers were all leaked. Some of this data was encrypted, but Experian’s encryption may have been compromised, according to T-Mobile.
T-Mobile is offering two years of free credit monitoring to those who think they may have been affected. But it’s no small irony to note that the credit monitoring service is being provided by none other than Experian itself.
Experian says its own consumer credit database “was not accessed” in the incident, but the fact that any systems run by Experian were breached at all is problematic: Experian is one of the major credit scoring agencies in the country, and it safeguards vast amounts of data on everyday Americans.
T-Mobile chief executive John Legere said in a statement that he is “incredibly angry about this data breach” and vowed to review the company’s relationship with Experian. He also tweeted that T-Mobile is looking to offer alternatives to Experian’s credit monitoring program, but did not disclose what those might be.
“Right now,” he said in a company statement, “my top concern and first focus is assisting any and all consumers affected.”
Here’s T-Mobile’s notification about the breach, as well as Experian’s. An Experian spokesperson didn’t immediately respond to a request for comment.
This article was written by Brian Fung;Andrea Peterson from The Washington Post and was legally licensed through the NewsCred publisher network.