Hackers broke into a server and made off with names, driver license numbers, and other personal information belonging to more than 15 million US consumers who applied for cellular service from T-Mobile.

The breach was the result of an attack on a database maintained by credit-reporting service Experian, which was contracted to process credit applications for T-Mobile customers, T-Mobile CEO John Legere said in a statement posted online. The investigation into the hack has yet to be completed, but so far the compromise is known to affect people who applied for T-Mobile service from September 1, 2013 through September 16 of this year. It's at least the third data breach to affect Experian disclosed since March 2013.

"Obviously I am incredibly angry about this data breach and we will institute a thorough review of our relationship with Experian, but right now my top concern and first focus is assisting any and all consumers affected," Legere wrote. "I take our customer and prospective customer privacy VERY seriously. This is no small issue for us. I do want to assure our customers that neither T-Mobile’s systems nor network were part of this intrusion and this did not involve any payment card numbers or bank account information."

According to a FAQ posted by Experian, the breach involved an Experian server storing data for people who applied for T-Mobile USA postpaid services. Company officials discovered the unauthorized access on September 15. The records contained names, addresses, social security numbers, birth dates, and passport numbers, military IDs, or driver license numbers. Experian said the social security and ID numbers were encrypted but that company investigators have determined the encryption may have been compromised.

People whose data was exposed are eligible to receive two years of free credit-monitoring. While the offer may sound generous, security reporter Brian Krebs makes a convincing argument that the value of credit-monitoring is extremely limited. People whose personal data has been exposed are much better off placing a fraud alert on their credit files. Both Krebs's article and the Experian FAQ explain how to go about doing that. Readers are also reminded that initial breach notifications almost always understate the depth or breadth of the hack. Don't be surprised if the Experian breach turns out to affect more people or services.