T-Mobile USA announced Thursday that a data breach at credit firm Experian may have led to the theft of personal information on about 15 million American consumers.
The data in question includes names, birth dates, addresses and Social Security numbers as well as other forms of ID such as drivers’ license numbers, according to statements from both firms. Keep in mind that impacted individuals may not be current T-Mobile subscribers — you are potentially impacted if you applied for T-Mobile postpaid services or device financing any time from September 1, 2013 to September 16, 2015.
As Experian pointed out in its press release, there is no sign that the data has been used inappropriately to date. T-Mobile also specifically noted that its consumer credit database was not affected.
This incident is, however, just the most recent embarrassing security event at Experian, a popular credit-data provider whose services are used today by consumers to monitor their personal credit.
More on Experian / T-Mobile data breach
The statements from the companies noted that data taken did not include payment card numbers or bank account information. T-Mobile also emphasized that its internal systems and network were not involved in any way. Of note, Experian was legally storing the credit application information it took in to make credit decisions and in fact was required to maintain the electronic data for at least 25 months.
In a related development, a Vietnamese man was sentenced to 13 months earlier this summer for a breach of 200 million personal records at Court Ventures, an Experian holding company.
Statements from T-Mobile CEO John Legere
T-Mobile CEO John Legere was clearly upset about the breach, as he blasted partner Experian for the data breach.
“Obviously I am incredibly angry about this data breach and we will institute a thorough review of our relationship with Experian,” but his main concern now is helping those who were affected, Legere said in a letter posted on T-Mobile’s website.
The firms also said anyone who may have been impacted by the breach could sign up for two years of free credit monitoring and identity protection services from ProtectMyID (division of Experian). The irony of that offer did not escape critics in the Twittersphere.
“I hear you re: Experian as service protection option. I am moving as fast as possible to get an alternate option in place by tomorrow,” Legere tweeted late Thursday. He continued to note that any other option would also be free.