Approximately 15 million T-Mobile customers and credit applicants had their records stolen after hackers stole information from its credit verifier, Experian, said T-Mobile CEO John Legere.
People who applied for a credit check or device financing from T-Mobile between September 1, 2013, and September 16, 2015, had their information stolen, according to a note posted by Legere.
The encryption that was supposed to protect much of the information is also believed to be broken. The stolen records included names, addresses, birthdays, Social Security numbers, and driver’s license or passport information.
Credit-card and banking info was not compromised, according to Experian.
The breach happened not in T-Mobile’s systems, but in those of Experian, a third-party vendor that the phone company used to verify credit information. Experian’s announcement said that the access was in one server that contained T-Mobile’s information.
“Obviously I am incredibly angry about this data breach and we will institute a thorough review of our relationship with Experian, but right now my top concern and first focus is assisting any and all consumers affected,” Legere wrote.
Experian warned that customers should not respond to any calls or messages from the company in connection to the data breach, and should only visit their website online.