Hackers steal info from 15 million T-Mobile customers and applicants

The mobile phone company is pointing the finger at credit reporting agency Experian for the security breach.

In a massive data breach, hackers have stolen sensitive information belonging to about 15 million T-Mobile wireless customers and potential customers in the United States, including home addresses, birth dates, and Social Security numbers.

The hackers got the information from credit reporting agency Experian, which T-Mobile uses to check the credit of consumers applying for phone plans and financing devices, The Associated Press reports.

"Upon discovery of the incident, Experian took immediate action, including securing the server, initiating a comprehensive investigation, and notifying U.S. and international law enforcement.," Experian said in a press release.

In an open letter to customers posted on its website. T-Mobile CEO John Legere said that any customers who had joined or attempted to join T-Mobile between September 1, 2013, and September 16, 2015, could be affected by the attack.

Mr. Legere said information that was encrypted may have also been compromised. Encrypted information included Social Security numbers and identification numbers such as a driver's license or passport number used in T-Mobile's own credit assessment.

"Obviously I am incredibly angry about this data breach and we will institute a thorough review of our relationship with Experian, but right now my top concern and first focus is assisting any and all consumers affected," Legere wrote. "I take our customer and prospective customer privacy very seriously. This is no small issue for us. I do want to assure our customers that neither T-Mobile's systems nor network were part of this intrusion and this did not involve any payment card numbers or bank account information."

This is not the first data breach involving a credit reporting agency.

In March 2013, Experian and credit-reporting giants Equifax and TransUnion confirmed that sensitive, personal-identifying information about celebrities and public figures has been taken from their systems, Bloomberg reported.

Nearly 800 data breaches were reported last year by US organizations, according to AP.

No one has yet claimed responsibility for the hack, which is the latest in a string of high-profile cyber attacks on businesses and other organizations in recent years affecting millions of people, including Sony Pictures, eBay and affair-enabling dating site Ashley Madison.

It is not clear what the hackers have done with the stolen T-Mobile data.

“This type of information typically appears for sale on black markets. Hackers then amass the stolen information to build large, searchable databases that make it easy for anyone to steal your identity for a small price. A stolen identity leads to stolen tax refunds, ruined credit and worse,” CNN reports.

In response to the attack, Legere said that T-Mobile would give anyone affected free credit monitoring service for two years.