Consumer credit monitoring firm Experian Plc on Thursday disclosed a massive data breach that exposed personal data of some 15 million people who applied for service with T-Mobile US. Experian says that the investigation is ongoing, but the hacker acquired the records of approximately 15 million people, including new applicants requiring a credit check for service or device financing from September 1, 2013 through September 16, 2015.
These records include information such as name, address and birthdate as well as encrypted fields with Social Security number and ID number (such as driver?s license or passport number), and additional information used in T-Mobile?s own credit assessment.
Experian has determined that this encryption may have been compromised.
"Obviously I am incredibly angry about this data breach and we will institute a thorough review of our relationship with Experian," T-Mobile Chief Executive John Legere said in a note to customers posted on the company's website. "But right now my top concern and first focus is assisting any and all consumers affected."
Legere added no payment card or banking information was taken.
"We take privacy very seriously and we understand that this news is both stressful and frustrating. We sincerely apologize for the concern and stress that this event may cause," said Craig Boundy, Chief Executive Officer, Experian North America. "That is why we're taking steps to provide protection and support to those affected by this incident and will continue to coordinate with law enforcement during its investigation."
The Experian breach is the latest in a string of massive hacks that have each claimed millions of customer records, including the theft of personnel records from the U.S. government this year, a 2014 breach on JPMorgan Chase and a 2013 attack on Target's cash register systems.
Connecticut's attorney general said he will launch an investigation into the breach.