Sensitive customer information including names, addresses, birthdays and social security numbers of about 15 million people have been compromised in a data breach of credit reporting agency Experian.
The breach includes some customers of cell phone company T-Mobile.
In a statement, Experian said a hacker or hackers appear to have obtained access to a company server – one that is not part of its consumer credit bureau, but hosted personal information of people who applied for the carrier's services.
T-Mobile CEO John Legere issued a statement addressing the data breach:
"We have been notified by Experian, a vendor that processes our credit applications, that they have experienced a data breach. The investigation is ongoing, but what we know right now is that the hacker acquired the records of approximately 15 million people, including new applicants requiring a credit check for service or device financing from September 1, 2013 through September 16, 2015."
Legere added the company is working with Experian to take protective steps for all of these consumers as quickly as possible. He said the breach did not affect T-Mobile's network.
According to Experian,"no payment card or banking information was obtained." The credit service says it's in the process of notifying consumers who may have been affected and offering credit monitoring.
- To find out more information go to www.experian.com/T-MobileFacts
- Affected consumers may enroll in free credit monitoring services at www.protectmyid.com/securityincident.
It's not the first issue for Experian. Investigative journalist Brian Krebs publicly took Experian to task in 2014 for selling data to an identity theft service.
Fortune.com reports that Experian didn't offer any hints about who may have accessed the consumer data, saying it was "an unauthorized party."
Experian adds that there's no evidence the data has been used inappropriately.