October 2, 2015 3 min read

T-Mobile’s CEO John Legere is angry again and this time for very good reason. A hacker has snatched the highly personal records of some 15 million current and potential T-Mobile customers in the U.S.

The massive breach, first discovered on Sept. 15, 2015, impacted people who applied for credit with the telecommunications giant through Experian between Sept. 1, 2013, and Sept. 16, 2015. That’s two years’ worth of sensitive identifying data that T-Mobile uses to check credit ratings possibly making the rounds on the black market.

Related: In Government Hack, the Number of Fingerprints Stolen Has Jumped to 5.6 Million

.@WithinRafael I get it. We're working as fast as possible to provide a second I.D. monitoring and protection service option — John Legere (@JohnLegere) October 2, 2015

The stolen information includes victims’ home addresses, Social Security numbers and birth dates along with driver’s license, passport and military I.D. numbers, among other information. More than enough crumbs for ne'er-do-wells to rip off people’s identities without trying too terribly hard.

Legere broke the bad news yesterday in a post on his company’s website that aired his frustration over the incident. “Obviously I am incredibly angry about this data breach and we will institute a thorough review of our relationship with Experian,” he said, “but right now my top concern and first focus is assisting any and all consumers affected. I take our customer and prospective customer privacy VERY seriously. This is no small issue for us.”

Related: Judge Allows Class-Action Lawsuit Against Target in Data Breach

He went on to assure customers that none of T-Mobile’s systems and networks were hacked and that no payment card or bank account numbers were exposed in the Experian intrusion. Experian, for its part, also noted that no banking data was swept up in the hacker’s haul.

Good news: Experian encrypted the SSNs. Bad news: The encryption was "compromised". Whoops. https://t.co/VcbEv3pJ1z pic.twitter.com/w1o7wW5qzY — Christopher Soghoian (@csoghoian) October 1, 2015

Some of the pilfered data was encrypted, but Experian has determined that it may have been compromised anyway. The global financial services firm said on its website that it notified federal and international law enforcement agencies upon discovering the “unauthorized party access” to the T-Mobile data and is continuing to investigate the theft and closely monitor its systems. The identity of the hacker is not yet known and, frankly, may never be.

Experian is offering those impacted by the break-in two years of free credit monitoring and identity theft resolution services.

Related: 8 of the Biggest Data Breaches Ever and How They Happened (Infographic)