T-Mobile data breach: Hacker steals names, birthdates, Social Security numbers and more from 15M people

An unidentified "unauthorized party" accessed the personal information of around 15 million people who applied for T-Mobile US' (NYSE:TMUS) services. Experian, the company that handles T-Mobile's credit applications, announced its systems were breached and that all its data "may have been compromised."

"The data included some personally identifiable information for approximately 15 million consumers in the US, including those who applied for T-Mobile USA postpaid services or device financing from September 1, 2013 through September 16, 2015, based on Experian's investigation to date," Experian said. "This incident did not impact Experian's consumer credit database."

Experian and T-Mobile said they are working to notify the affected customers, who will be eligible for two years of Experian's credit monitoring and identity resolution services. T-Mobile CEO John Legere noted the carrier is also working to offer additional monitoring options beyond those provided by Experian.

"Obviously I am incredibly angry about this data breach and we will institute a thorough review of our relationship with Experian, but right now my top concern and first focus is assisting any and all consumers affected," Legere said on the company's blog (Legere's original style is retained in this quote). "I take our customer and prospective customer privacy VERY seriously. This is no small issue for us. I do want to assure our customers that neither T-Mobile's systems nor network were part of this intrusion and this did not involve any payment card numbers or bank account information."

The data that was hacked included names, dates of birth, addresses, and Social Security numbers and/or an alternative form of ID like a drivers' license number, as well as additional information used in T-Mobile's own credit assessment.  No payment card or banking information was acquired, the companies said.

Experian said it has notified U.S. and international law enforcement about the hack.

"Although there is no evidence that the data has been used inappropriately, Experian strongly encourages affected consumers to enroll in the complimentary identity resolution services," Experian said.

T-Mobile, like most wireless carriers, conducts credit checks on new customers to determine whether they are eligible for services like device financing.

Of course, this isn't the first hacking episode in the wireless industry. Here's just a smattering of some of the market's recent hacks or near-hacks:

Apple said it is taking steps to clean up the App Store after several cyber security firms reported finding a malicious program called XcodeGhost that was embedded in hundreds of legitimate applications.

  • Sprint said its network was not the culprit behind a recent media exposé that revealed how connected Fiat Chrysler vehicles were vulnerable to hacking and remote manipulation.
  • AT&T Mobility confirmed that three employees of one of its vendors, which it did not name, accessed an unknown number of customers' personal information, including Social Security numbers and call records, between April 9 and April 21.
  • Millions of Carphone Warehouse customers are at risk of identity theft after it admitted its systems had been subject to what it called a "sophisticated cyber-attack."
  • A hacker said that he was able to break in to OnStar's RemoteLink mobile app and use it to locate users' cars, unlock their car doors and start their engines. 

For more:
- see this T-Mobile post
- see this Experian release

Related articles:
Sprint says its network not at fault in hacking demonstration of Chrysler vehicles
Apple removes apps affected by 'XcodeGhost' malware after App Store is hacked
AT&T confirms data breach as hackers hunted for codes to unlock phones