T-Mobile and Experian announced a data breach today, one which affects approximately 15 million people. More specifically, T-Mobile’s John Legere states in an open letter that any new customers who ran a credit check for a new device/plan from September 1, 2013 to September 16, 2015 are likely affected by this breach.
As to what data was breached, T-Mobile and Experian claim that information including full name, address, birthdate, in addition to encrypted information such as social security number and ID numbers (driver’s license numbers and passport numbers) were breached. While the most sensitive data was encrypted, Experian has determined that the encryption may have been compromised.
Legere made it clear that no payment card numbers or bank information was involved in the breach.
Obviously I am incredibly angry about this data breach and we will institute a thorough review of our relationship with Experian, but right now my top concern and first focus is assisting any and all consumers affected. I take our customer and prospective customer privacy VERY seriously. This is no small issue for us. I do want to assure our customers that neither T-Mobile’s systems nor network were part of this intrusion and this did not involve any payment card numbers or bank account information.
If this breach affected you, and if you are a new T-Mobile customer then it probably does, Experian is offering two years of free credit monitoring via their own Protect My ID service. To sign up, you will need to provide your social number and all of that, but at least you can be somewhat assured that if any of your information falls into the wrong hands, you are protected.
T-Mobile has posted a full FAQ on the situation, and so has Experian.