Joining an inauspicious list that includes Home Depot (HD) and Target (TGT), Experian, one of the nation’s three largest credit reporting agencies, is the latest target of a data breach, resulting in the theft of the personal data of more than 15 million people.
According to Experian and muliple reports, the credit reporting agency discovered earlier this month that hackers breached the company’s systems and stole 15 million people’s personal information, including their name, address, Social Security number, date of birth, and an identification number – in many cases, their driver’s license number, military ID, or passport number.
In its statement, Experian said that the theft did not involve any payment card or banking information.
According to Experian, the breach focused entirely on data on collected from new applications for T-Mobile (TMUS) between Sept. 1, 2013 and Sept. 16, 2015.
According to a statement from T-Mobile, the company uses Experian to process its credit applications.
Experian noted that other data used in “T-Mobile’s own credit assessment” may have been stolen as well. In a section of Experian’s statement, it said that T-Mobile uses a variety of information to determine the likelihood that a borrower will be able to pay.
“Information used to do this can include a consumer’s payment history, as well as information from Experian or other sources,” Experian said. “That information is then compiled and used in their credit criteria when evaluating the risk level of an applicant. In this case, the data acquired included the fields containing those assessments, but not the underlying information used in calculating the assessment.”
In a letter to consumers posted on T-Mobile’s website, the company’s chief executive officer, John Legere, said that the company is working with Experian take protective steps for all of the affected consumers as quickly as possible.
“Obviously I am incredibly angry about this data breach and we will institute a thorough review of our relationship with Experian, but right now my top concern and first focus is assisting any and all consumers affected,” Legere said.
“I take our customer and prospective customer privacy VERY seriously,” Legere continued. “This is no small issue for us. I do want to assure our customers that neither T-Mobile’s systems nor network were part of this intrusion and this did not involve any payment card numbers or bank account information.”
Experian said that its consumer credit database was not accessed, and no other clients' data was accessed during the breach.
"We take privacy very seriously and we understand that this news is both stressful and frustrating. We sincerely apologize for the concern and stress that this event may cause," said Craig Boundy, chief executive officer, Experian North America. "That is why we're taking steps to provide protection and support to those affected by this incident and will continue to coordinate with law enforcement during its investigation."
Experian also said that as of now, it has no indication that the T-Mobile customer data has been used “inappropriately.”
The companies said they are offering two years of free credit monitoring and identity resolution services to the affected customers.
According to Experian, the company is continuing to investigate the theft, closely monitoring its systems, and working with domestic and international law enforcement in the investigation.