A breach at the data broker Experian has revealed names, addresses, and social security numbers for 15 million Americans, including anyone who filed a credit check with the carrier between September 1st, 2013 through September 16th, 2015. It's unclear how many other companies were involved in the breach, but no banking or credit card information appears to be involved. The social security numbers were being stored in encrypted form, but that encryption may have been compromised. Experian is in the process of contacting customers affected by the breach, and will offer two years of credit monitoring services to anyone affected. "We are working with Experian to take protective steps for all of these consumers as quickly as possible," T-Mobile CEO John Legere said in a statement.
Experian holds credit data on hundreds of millions of Americans, one of just three major reporting bureaus in the United States. It's also a common target for scammers: in 2012, a Vietnamese scammer named Hieu Minh Ngo was able to obtain fraudulent access to the database, offering it for sale on an underground fraud side. While Ngo's access to the database was terminated at the end of 2012, the incident has been treated by federal law enforcement as a breach, and led to a number of ongoing suits against the agency.