Experian North America today announced that one of its business units, notably not its consumer credit bureau, experienced an unauthorized acquisition of information from a server that contained data on behalf of one of its clients, T-Mobile USA.
The data included some personally identifiable information for approximately 15 million consumers in the US, including those who applied for T-Mobile USA postpaid services or device financing from September 1, 2013 through September 16, 2015, based on Experian’s investigation to date. This incident did not impact Experian’s consumer credit database.
Upon discovery of the incident, Experian took immediate action, including securing the server, initiating a comprehensive investigation, and notifying U.S. and international law enforcement.
The data acquired included names, dates of birth, addresses, and Social Security numbers and/or an alternative form of ID like a drivers’ license number, as well as additional information used in T-Mobile’s own credit assessment. No payment card or banking information was acquired.
Experian is in the process of notifying consumers that may be affected, and safeguarding their identity and personal information by offering two years of credit monitoring and identity resolution services through ProtectMyID.
To find additional information, go to experian.com/T-MobileFacts. Although there is no evidence to-date that the data has been used inappropriately, Experian strongly encourages affected consumers to enroll in the complimentary identity resolution services.
Affected consumers may enroll in free credit monitoring services at protectmyid.com/securityincident.
“We take privacy very seriously and we understand that this news is both stressful and frustrating. We sincerely apologize for the concern and stress that this event may cause,” said Craig Boundy, Chief Executive Officer, Experian North America.
“That is why we’re taking steps to provide protection and support to those affected by this incident and will continue to coordinate with law enforcement during its investigation.”
Consumers should note that under no circumstances will Experian or T-Mobile call you or send you a message and ask for your personal information in connection with this incident. You may go to the website, but you should not provide personal information to anyone who calls you or sends you a message about this incident.
T-Mobile CEO on Experian’s Data Breach
T-Mobile U.S. CEO John Legere has written an open letter to U.S. consumers on Experian’s Data Breach.
This is what he had to say:
“I’ve always said that part of being the Un-carrier means telling it like it is. Whether it’s good news or bad, I’m going to be direct, transparent and honest.
We have been notified by Experian, a vendor that processes our credit applications, that they have experienced a data breach. The investigation is ongoing, but what we know right now is that the hacker acquired the records of approximately 15 million people, including new applicants requiring a credit check for service or device financing from September 1, 2013 through September 16, 2015. These records include information such as name, address and birthdate as well as encrypted fields with Social Security number and ID number (such as driver’s license or passport number), and additional information used in T-Mobile’s own credit assessment. Experian has determined that this encryption may have been compromised. We are working with Experian to take protective steps for all of these consumers as quickly as possible.
Obviously I am incredibly angry about this data breach and we will institute a thorough review of our relationship with Experian, but right now my top concern and first focus is assisting any and all consumers affected. I take our customer and prospective customer privacy VERY seriously. This is no small issue for us. I do want to assure our customers that neither T-Mobile’s systems nor network were part of this intrusion and this did not involve any payment card numbers or bank account information.
Experian has assured us that they have taken aggressive steps to improve the protection of their system and of our data.
Anyone concerned that they may have been impacted by Experian’s data breach can sign up for two years of FREE credit monitoring and identity resolution services at protectmyID.com/securityincident.
T-Mobile’s team is also here and ready to help you in any way we can. We have posted our own Q&A here to keep you as informed as possible throughout this issue.
At T-Mobile, privacy and security is of utmost importance, so I will stay very close to this issue and I will do everything possible to continue to earn your trust every day.
Sincerely,
John Legere”
