Experian PLC said a data breach may have compromised the personal information of roughly 15 million consumers in the U.S., including those who had applied for T-Mobile US Inc. subscription services or devices over two years through Sept. 16.
"Obviously I am incredibly angry about this data breach, and we will institute a thorough review of our relationship with Experian," T-Mobile Chief Executive John Legere said in an open letter posted on the company's website. "This is no small issue for us."
Mr. Legere said the breach didn't involve any of T-Mobile's systems or network. He added that Experian's encryption may have been compromised.
Experian--one of three main credit-reporting agencies along with Equifax Inc. and TransUnion Corp.--said the breach didn't affect the Costa Mesa, Calif., company's consumer-credit database.
Experian said no payment card or banking information was acquired in the breach and that the data taken included names, dates of birth, addresses, and Social Security numbers, as well as an alternative form of identification and other information used in T-Mobile's credit assessment.
Mr. Legere added that the company is working with Experian to take protective steps for all consumers affected by the breach. Experian said it is in the process of notifying consumers and that it will offer two years of credit monitoring and identity resolution services.
According to T-Mobile, Experian keeps a historical record of applicant data used by T-Mobile to make credit decisions and is required to maintain the data for a minimum of 25 months under credit laws.
(By Tess Stynes)