T-Mobile US said about 15 million consumers who filled out credit applications with the wireless carrier may have had their personal information stolen by hackers.
The breach happened when attackers gained access to a database containing T-Mobile's information that was run by Experian, the credit-tracking firm, the carrier said Thursday. The hackers stole names, addresses and social security numbers. People who submitted credit applications from Sept. 1, 2013, to Sept. 16, 2015, were affected, T-Mobile said.
"Obviously I am incredibly angry about this data breach and we will institute a thorough review of our relationship with Experian, but right now my top concern and first focus is assisting any and all consumers affected," John Legere, T-Mobile's chief executive officer, wrote in a letter to consumers.
Hackers didn't gain access to any payment or banking information, Experian said in a statement. The firm is investigating the hack, and said it notified U.S. and international law enforcement. The breach didn't impact Experian's consumer-credit database, it said.
Hackers are targeting health care and other companies, after retailers stepped up security following the hack of Target Corp. in 2013, according to John Gunn, a vice president at VASCO Data Security. Hackers can sell social security numbers for 10 to 20 times more than credit-card numbers on the black market, he said.
"My government is not going to send me a new social security number ever," Mr. Gunn said. "There's exposure for the rest of my life."