Experian's servers have been hacked – and now sensitive files on 15 million people who applied for T-Mobile US contracts have fallen into the wrong hands.
In a letter published today, T-Mob boss John Legere said miscreants got hold of the database Experian uses when performing credit checks on folks enrolling for phone contracts.
That swiped information was collected from successful and unsuccessful contract applicants between September 1, 2013 and September 16, 2015. Experian said it discovered the network intrusion on September 15.
The data included applicants' unencrypted usernames, home addresses, and dates of birth, as well as encrypted social security numbers, personal ID (such as state driving license numbers), and what Legere would only describe as "additional information" used for credit checks.
Sadly, that encryption "may have been compromised," or cracked, according to T-Mobile US.
The mobile telco said the data was collected from postpaid account applicants (those who want to pay their bills after the charges for the month have occurred). None of T-Mobile's own servers or databases were breached.
"We have been notified by Experian, a vendor that processes our credit applications, that they have experienced a data breach," Legere wrote.
"The investigation is ongoing, but what we know right now is that the hacker acquired the records of approximately 15 million people, including new applicants requiring a credit check for service or device financing."
Experian and T-Mobile US said they were in the process of notifying affected citizens, and those whose data was stolen will be able to sign up for two free years of credit and identity monitoring through Protect MyID – an Experian service that, we hope, will do a better job of handling the data than its parent.
Experian noted that the only data lifted from its computers belonged to T-Mobile US applicants, and that its own consumer credit services were not affected.
Legere, not known as one to mince words, did little to hide his feelings about the incident.
"Obviously I am incredibly angry about this data breach and we will institute a thorough review of our relationship with Experian, but right now my top concern and first focus is assisting any and all consumers affected," he said.