Experian PLC said one of its business units “experienced an unauthorized acquisition of information from a server” containing data related to client T-Mobile USA Inc. in Bellevue, Wash.
The theft included names, dates of birth, addresses and Social Security numbers of about 15 million people who applied for T-Mobile USA services in the U.S. from Sept.1, 2013 through Sept.16, 2015.
Experian’s consumer credit database wasn’t affected, according to the Dublin, Ireland-based information services company, whose North American headquarters is in Costa Mesa.
The company is notifying affected consumers and offering to safeguard their identities and personal information with two years of credit monitoring and identity-resolution services through its ProtectMyID product.
“We take privacy very seriously and we understand that this news is both stressful and frustrating,” Chief Executive Craig Boundy said in a statement. “We sincerely apologize for the concern and stress that this event may cause.”