Major Hack: T-Mobile Credit Check Data from Experian (SSN, Driver's License, Etc.)

Basically, if you signed up for post-paid (standard) services from T-Mobile anytime within the last two years, they likely ran your credit info through Experian, and all of that data was just leaked, including customer names, addresses, social security numbers, driver’s licenses, and date of birth. Experian claims the most sensitive data was encrypted, but my cursory reading on the subject (I signed up for T-Mobile in said timeframe) is that given the high predictability of SSNs, even fairly robust encryption wouldn’t stand up to a dedicated attacker.

As is typical, Experian’s offering 2 years of credit monitoring service, but in this case, I think it’s particularly bad because the data that was stolen (address, DL#, and especially SSN/DOB) very rarely changes for most people, so enterprising thieves who buy said stolen data know they can just wait two years before making use of it.

The main upside here is that my credit should be bad enough that anyone trying to steal my identity won’t be able to get a lot of use out of it!

All your stuff was leaked elsewhere years ago anyway. The only way to effectively protect yourself is to freeze your credit. This means nobody can apply for new lines of credit in your name, which is the purpose of identity theft. It also make it more difficult for them to apply for tax refunds in your name, although unfortunately not impossible.

http://krebsonsecurity.com/2015/06/how-i-learned-to-stop-worrying-and-embrace-the-security-freeze/

If you need to apply for new credit, you can contact the various agencies and request a temporary thaw.

Everybody should do this. This means you.