T-Mobile, Experian Data Breach Exposes Personal Info For 15M Consumers

tmoneversettleSome bad news to start off October — hackers stole personal information for around 15 million consumers from a database of T-Mobile customers and applicants that was held by Experian.

According to Experian, the breach revealed the following information about affected consumers: name, address, Social Security number, date of birth, identification number (i.e., driver’s license, military ID, or passport number) and any additional information used in T- Mobile’s credit assessment process. The company says that no payment card or bank account info was included in the theft.

The compromised data comes from anyone who applied for a T-Mobile account after Sept. 1, 2013 and before Sept. 16, 2015.

The law requires that creditors maintain records of all credit applicants for 25 months in case it’s needed to answer questions or resolve disputes. Because of this requirement, the hackers were able to access all that historical info.

Even though it didn’t include credit card or bank account info, a clever ID thief can do a lot with the stolen information. So far, Experian says it has seen no evidence that the data has been used, but that doesn’t mean it won’t be sold to scammy buyers eventually.

Anyone who applied for a new contract or financed a phone through T-Mobile in the last two years should keep a vigilant eye on their bank and card accounts. Alert your bank and card issuer if you see anything out of the ordinary.

Additionally, Experian is asking anyone who might be affected to go to www.ProtectMyID.com/SecurityIncident if they want to register for two years of free credit monitoring.

Customers can also call 866-369-0422 or send an e-mail to consumersupport@protectmyid.com if they have questions.

T-Mobile is putting blame for the breach squarely on the shoulders of Experian.

“Obviously I am incredibly angry about this data breach and we will institute a thorough review of our relationship with Experian,” reads a letter from T-Mo CEO John Legere to his customers, “but right now my top concern and first focus is assisting any and all consumers affected. I take our customer and prospective customer privacy VERY seriously. This is no small issue for us. I do want to assure our customers that neither T-Mobile’s systems nor network were part of this intrusion and this did not involve any payment card numbers or bank account information.”

Want more consumer news? Visit our parent organization, Consumer Reports, for the latest on scams, recalls, and other consumer issues.