Hackers have stolen the personal information of 15 million people in a data breach of the credit reporting agency Experian.
That includes information of people who applied for T-Mobile USA postpaid services or device financing from Sept. 1, 2013, through Sept. 16, 2015, according to a press release from Experian.
On Sept. 15, Experian discovered that hackers gained access to a server that housed the personal information of T-Mobile customers. These records include information such as name, address and birth date, as well as encrypted fields with Social Security number and ID number (such as driver's license or passport number), and additional information used in T-Mobile's own credit assessment.
Fortunately, Experian's consumer credit database wasn't compromised, so no payment card or banking information was taken.
Am I impacted?
If you applied for service or device financing through T-Mobile from Sept. 1, 2013 through Sept. 16, 2015, you could be at risk.
According to Experian, there's no evidence that the stolen information has been misused, but it's still wise to be extra cautious about identity theft.
Of course, it's important to note that T-Mobile's systems and network, outside of the Experian hack, were not compromised.
"This is no small issue for us. I do want to assure our customers that neither T-Mobile's systems nor network were part of this intrusion, and this did not involve any payment card numbers or bank account information," said T-Mobile CEO John Legere in a letter to customers on the company's site.
What is Experian doing?
Experian is notifying all customers that may be affected by this breach.
It's also offering all affected T-Mobile applicants 2 free years of credit monitoring and identity resolution services through ProtectMyID. ProtectMyID is an Experian service.
"We take privacy very seriously, and we understand that this news is both stressful and frustrating. We sincerely apologize for the concern and stress that this event may cause," said Craig Boundy, Chief Executive Officer, Experian North America, in a press release. "That is why we're taking steps to provide protection and support to those affected by this incident and will continue to coordinate with law enforcement during its investigation."
What should you do?
If you believe you've been affected by this breach, sign up for the free credit monitoring and identity resolution services being offered by Experian. You can do that by visiting ProtectMyID.com/SecurityIncident, by calling (866) 369-0422 or by sending an email with questions to ConsumerSupport@ProtectMyID.com.
Also, be alert to "phishing" scams. Phishing is typically carried out by email spoofing or instant messaging, and it often directs users to enter details at a fake website whose look and feel are almost identical to the legitimate one. Experian said that neither it nor T-Mobile will call or send you a message asking for personal information in connection with this incident.
Finally, be vigilant. Consistently monitor your credit statements and credit reports for errors or signs of fraudulent activity.
You can pick up your free credit report from myBankrate.
Follow me on Twitter: @MitchStrohm.