Identity Protection Blog

Finance Blogs » Identity Protection Blog » Experian data breach hits 15 million

Experian data breach hits 15 million

By Mitch Strohm ·
Friday, October 2, 2015
Posted: 1 pm ET

Hackers have stolen the personal information of 15 million people in a data breach of the credit reporting agency Experian.

That includes information of people who applied for T-Mobile USA postpaid services or device financing from Sept. 1, 2013, through Sept. 16, 2015, according to a press release from Experian.

What happened?

On Sept. 15, Experian discovered that hackers gained access to a server that housed the personal information of T-Mobile customers. These records include information such as name, address and birth date, as well as encrypted fields with Social Security number and ID number (such as driver's license or passport number), and additional information used in T-Mobile's own credit assessment.

Fortunately, Experian's consumer credit database wasn't compromised, so no payment card or banking information was taken.

Am I impacted?

If you applied for service or device financing through T-Mobile from Sept. 1, 2013 through Sept. 16, 2015, you could be at risk.

According to Experian, there's no evidence that the stolen information has been misused, but it's still wise to be extra cautious about identity theft.

Of course, it's important to note that T-Mobile's systems and network, outside of the Experian hack, were not compromised.

"This is no small issue for us. I do want to assure our customers that neither T-Mobile's systems nor network were part of this intrusion, and this did not involve any payment card numbers or bank account information," said T-Mobile CEO John Legere in a letter to customers on the company's site.

What is Experian doing?

Experian is notifying all customers that may be affected by this breach.

It's also offering all affected T-Mobile applicants 2 free years of credit monitoring and identity resolution services through ProtectMyID. ProtectMyID is an Experian service.

"We take privacy very seriously, and we understand that this news is both stressful and frustrating. We sincerely apologize for the concern and stress that this event may cause," said Craig Boundy, Chief Executive Officer, Experian North America, in a press release. "That is why we're taking steps to provide protection and support to those affected by this incident and will continue to coordinate with law enforcement during its investigation."

What should you do?

If you believe you've been affected by this breach, sign up for the free credit monitoring and identity resolution services being offered by Experian. You can do that by visiting, by calling (866) 369-0422 or by sending an email with questions to

Also, be alert to "phishing" scams. Phishing is typically carried out by email spoofing or instant messaging, and it often directs users to enter details at a fake website whose look and feel are almost identical to the legitimate one. Experian said that neither it nor T-Mobile will call or send you a message asking for personal information in connection with this incident.

Finally, be vigilant. Consistently monitor your credit statements and credit reports for errors or signs of fraudulent activity.

You can pick up your free credit report from myBankrate.

Follow me on Twitter: @MitchStrohm.

Bankrate wants to hear from you and encourages comments. We ask that you stay on topic, respect other people's opinions, and avoid profanity, offensive statements, and illegal content. Please keep in mind that we reserve the right to (but are not obligated to) edit or delete your comments. Please avoid posting private or confidential information, and also keep in mind that anything you post may be disclosed, published, transmitted or reused.

By submitting a post, you agree to be bound by Bankrate's terms of use. Please refer to Bankrate's privacy policy for more information regarding Bankrate's privacy practices.