If you signed up for a new T-Mobile account between September 1, 2013 and September 16, 2015, your personal information was likely compromised.
It happened when hackers breached a system at the credit reporting agency Experian, which processed the applications for the cell phone company. T-Mobile CEO John Legere said the investigation is still underway, but the hack apparently exposed name, address, and birthdate, as well as encrypted fields with the Social Security number and ID number of those affected. Experian has determined that this encryption may have been compromised.
“Obviously I am incredibly angry about this data breach and we will institute a thorough review of our relationship with Experian, but right now my top concern and first focus is assisting any and all consumers affected,” Legere said in written statement. “I take our customer and prospective customer privacy very seriously.This is no small issue for us.”
Legere say neither T-Mobile’s systems nor network were part of this intrusion and the breach did not involve any payment card numbers or bank account information.
Legere says customers concerned that they may have been impacted by Experian’s data breach can sign up for two years of free credit monitoring and identity resolution services.
Meanwhile, Experian is notifying the people who may have been affected to offer the free credit monitoring and identity restoration services to all of the consumers who are potentially at risk.
Why data was being stored
T-Mobile said Experian maintains a historical record of the applicant data used by the carrier to make credit decisions. The data provides the record of the applicant’s credit application with T-Mobile and is used to assist with credit decisions and respond to questions from applicants about the decision on their credit application.
T-Mobile said the data is required to be maintained for a minimum period of 25 months under credit laws.
Experian has determined that, although Social Security and identification numbers were encrypted, the encryption may have been compromised. That means the most sensitive of customer data may have fallen into criminal hands.
Armed with a name, address, and Social Security number, a cyber-thief can steal an identity and open numerous credit accounts in the victim's name.