In a letter to consumers, T-Mobile CEO John Legere disclosed that the vendor his company uses to process credit applications has been compromised.
The investigation is ongoing, but what we know right now is that the hacker acquired the records of approximately 15 million people, including new applicants requiring a credit check for service or device financing from September 1, 2013 through September 16, 2015. These records include information such as name, address and birthdate as well as encrypted fields with Social Security number and ID number (such as driver’s license or passport number), and additional information used in T-Mobile’s own credit assessment. Experian has determined that this encryption may have been compromised. We are working with Experian to take protective steps for all of these consumers as quickly as possible.
In responding to this attack, T-Mobile will be offering up two years of free credit monitoring and identity theft protection through ProtectMyID.com.
We don’t have confirmation on when this attack took place, or how quickly T-Mobile and Experian responded to the issue. Though the data stolen represents approximately two years of records, we can assume that the hackers have not had access for that length of time.
You can read Experian’s official press release here, and John Legere’s full letter to T-Mobile customers below.
T-Mobile CEO on Experian’s Data Breach
We have been notified by Experian, a vendor that processes our credit applications, that they have experienced a data breach. The investigation is ongoing, but what we know right now is that the hacker acquired the records of approximately 15 million people, including new applicants requiring a credit check for service or device financing from September 1, 2013 through September 16, 2015. These records include information such as name, address and birthdate as well as encrypted fields with Social Security number and ID number (such as driver’s license or passport number), and additional information used in T-Mobile’s own credit assessment. Experian has determined that this encryption may have been compromised. We are working with Experian to take protective steps for all of these consumers as quickly as possible.
Obviously I am incredibly angry about this data breach and we will institute a thorough review of our relationship with Experian, but right now my top concern and first focus is assisting any and all consumers affected. I take our customer and prospective customer privacy VERY seriously. This is no small issue for us. I do want to assure our customers that neither T-Mobile’s systems nor network were part of this intrusion and this did not involve any payment card numbers or bank account information.
Experian has assured us that they have taken aggressive steps to improve the protection of their system and of our data.
Anyone concerned that they may have been impacted by Experian’s data breach can sign up for two years of FREE credit monitoring and identity resolution services at www.protectmyID.com/securityincident. Additionally, Experian issued a press release that you can read here, and you can view their Q&A at Experian.com/T-MobileFacts.
T-Mobile’s team is also here and ready to help you in any way we can. We have posted our own Q&A here to keep you as informed as possible throughout this issue.
At T-Mobile, privacy and security is of utmost importance, so I will stay very close to this issue and I will do everything possible to continue to earn your trust every day.