T-Mobile customers personal data compromised by breach

The breach covered about 15 million people. It included information on T-Mobile subscribers, former customers as well as consumers that applied for service or device financing at the wireless carrier since 2013.

The exposed data included names, addresses and birth dates as well as encrypted Social Security numbers, driver’s license or passport numbers. The companies said credit card or banking information was not compromised.

T-Mobile said the breach was discovered on September 15 2015, and it was notified about a week later. In a public letter, T-Mobile Chief Executive John Legere said the encryption of the downloaded information may have been compromised.

It is unclear in the T-Mobile case how the encrypted T-Mobile data was accessed, but hackers have gotten around defenses in the past by stealing the username and password for someone with access to the encrypted data.