T-Mobile said on Thursday that around 15 million of its U.S. customers may have been exposed in a data breach at one of its vendors.
The hackers compromised encrypted data at Experian, which processes the telecom carrier’s credit applications, sometime between Sept. 1, 2013, and Sept. 16 of this year. The stolen data includes Social Security numbers and other ID numbers, such as driver’s licenses or passport numbers.
“Obviously I am incredibly angry about this data breach and we will institute a thorough review of our relationship with Experian, but right now my top concern and first focus is assisting any and all consumers affected,” CEO John Legere said in an open letter on the carrier’s website. “I take our customer and prospective customer privacy VERY seriously.”
Payment card and banking account information were not compromised because the hackers did not infiltrate T-Mobile’s networks, Legere said.
The breach comes as the Senate gears up to debate stalled cybersecurity legislation that would boost the flow of threat information between the federal government and private industry.
The Cybersecurity Information Sharing Act (CISA) could see floor time in the Senate as early as next week, or possibly the week after.
Pressure has been mounting on lawmakers to move on some kind of cybersecurity legislation as high-profile hacks on commercial companies from Target to Home Depot have proliferated.
“The greatest thing we need right now is help from the other branch of government to pass cyber legislation,” Homeland Security Secretary Jeh Johnson pressed in September. “The House has already passed comprehensive cybersecurity legislation that greatly enhances my authorities, that greatly enhances information with the private sector; in my view that is the key.”