One of the “big three” credit bureaus, Experian, says data on 15 million T-Mobile customers, and would-be customers, were lifted from its servers.

Experian said in a blog post that the data was stolen when hackers attacked a server which contained personal information from consumers who applied for T-Mobile USA postpaid services between Sept. 1, 2013 and Sept. 16, 2015.

The records contained name, address, Social Security number, date of birth, identification number (typically a driver’s license, military ID, or passport number) and additional information used in T- Mobile’s own credit assessment.

No payment card or banking information was obtained, the credit bureau said. But fraudsters and identity thieves can often piece together a full consumer profile using the type of data stolen from Experian.

T-Mobile CEO John Legere is more than a little concerned. “Obviously I am incredibly angry about this data breach and we will institute a thorough review of our relationship with Experian, but right now my top concern and first focus is assisting any and all consumers affected,” he wrote in a letter to customers Thursday.

The company is now notifying the individuals whose data may have been stolen. It’s also offering free credit monitoring and identity resolution services to victims for two years.

“Although there is no evidence that the data has been used inappropriately, Experian strongly encourages affected consumers to enroll in the complimentary identity resolution services,” the company said in the blog post.