Experian 2015 Data Breach

Experian Credit Bureau Breach (2015): 110 Million T-Mobile Applicant Profiles Including Income, Religion & Ethnicity Exposed | ObscureIQ
ObscureIQ Breach Intelligence

Classification Tags

Unknown (T-Mobile vendor compromise; secondary 110M dataset unverified provenance) · Financial · Credit Status · Date of Birth · Email Address · Ethnicity or Race · Family Structure · Financial Profile · Full Name · Gender
High Severity · Website / service breach

Credit reporting and data analytics company.

Verified by ObscureIQ Intelligence
Breach Risk Index: 60/100
Data Value: 25
Market Recency: 25
Since Breach: 512d

Breach Intelligence Summary

Entity: Experian · Actor: Unknown (T-Mobile vendor compromise; secondary 110M dataset unverified provenance) · Sources: 3 references
Attack: Unknown
Profile: Company · Credit reporting and financial data analytics · Data aggregation and scoring services · Global
Timeline: Breach (2015-09-16) · Indexed (Dec 01, 2024) · Year (2015)
Exposure: 110.2M records · 14 fields: Credit Status, Date of Birth, Email Address, Ethnicity or Race, Family Structure, Financial Profile, Full Name, Gender, Homeownership Status, IP Address, Phone Number, Physical Address, Purchase Preferences, Religion
Status: Reported

Executive Summary

In late September 2015, Experian disclosed that a server holding personal data for one of its corporate clients, T-Mobile USA, had been accessed by an unauthorized party. Experian was processing credit checks for applicants seeking T-Mobile postpaid service or device financing, and the compromise affected roughly 15 million people who had applied between September 2013 and September 2015.

The exposed records included names, addresses, dates of birth, and identification numbers including driver's license, military ID, or passport numbers. Social Security numbers and other ID fields were stored encrypted, but Experian and T-Mobile both stated that the encryption was likely compromised. No payment-card or banking information was involved. Experian discovered the intrusion on September 15, 2015, contained the affected systems, and notified T-Mobile and law enforcement.

A larger dataset of around 110 million unique email addresses, paired with marketing-segmentation fields including income, ethnicity, religion, family structure, and homeownership status, has subsequently circulated on breach-tracking services and been indexed alongside the original 2015 incident. The provenance of this larger corpus relative to the original Experian/T-Mobile compromise is not fully resolved. Affected individuals should treat the combination of identity, contact, and financial-segmentation data as durable identity-fraud risk and consider credit freezes at all three U.S. bureaus alongside ongoing account monitoring.

ObscureIQ assessment: Severe risk. Exposure enables identity theft, synthetic identity creation, credit fraud, and long-term financial exploitation. The data is highly persistent and difficult for victims to remediate.

Breach Impact

The 2015 incident produced a sustained and sizable institutional cost. Experian and T-Mobile faced consumer class-action litigation, congressional scrutiny, and a multistate attorneys-general investigation that resulted in a combined $25 million settlement announced in November 2022. T-Mobile's then-CEO publicly criticized Experian's handling of the breach in a letter to customers. Experian also funded two years of free credit monitoring and identity-resolution services for affected applicants. The reputational hit was particularly acute because the breached data sat on credit-bureau infrastructure, the kind of system consumers cannot opt out of when they apply for mainstream financial products.

About Experian

Experian is a global information services company best known for consumer credit reporting and data analytics. Headquartered in Dublin and listed on the London Stock Exchange, the firm operates as one of the three major credit bureaus serving the United States, alongside Equifax and TransUnion, and runs additional consumer-data, marketing, and identity services in dozens of countries. Its U.S. operations process credit applications, fraud-prevention data, and marketing-segmentation files for thousands of corporate clients in lending, telecommunications, retail, and financial services.

Why They Hold Your Data

Credit reporting and financial analytics firms aggregate highly sensitive identity, contact, credit, financial, employment, and scoring-related data across large populations for lending and risk assessment purposes.

Recent Developments

A multistate settlement announced in November 2022 saw Experian agree to pay roughly $22.5 million and T-Mobile $2.5 million to resolve attorneys-general investigations tied to the 2015 incident. Experian itself remains an active and growing global business, with continued expansion in identity-protection services, fraud analytics, and consumer-direct credit products. The firm has been linked to other breach disclosures in subsequent years, including a separate Experian South Africa incident in 2020. Aggregated datasets attributed to Experian continue to surface periodically on dark-web marketplaces, complicating consumer remediation more than a decade after the original 2015 disclosure.

Data Points Exposed

14 verified field types
Credit Status High
Date of Birth High
Email Address
Ethnicity or Race High
Family Structure
Financial Profile High
Full Name High
Gender
Homeownership Status
IP Address
Phone Number
Physical Address High
Purchase Preferences
Religion High

Exploitation & Downstream Threats

Threat Activity: Critical
Primary downstream threats:
  • Financial fraud using exposed financial profile data
  • Identity verification bypass using name + date of birth combination
  • SIM swap attacks where phone numbers are present
  • Targeted phishing campaigns using exposed email addresses
  • Doxxing risk from physical address exposure
Threat vectors:
  • Fraudulent credit application
  • Identity verification bypass
  • Phishing, credential stuffing & account takeover
  • Discriminatory targeting & hate crime enablement
  • Household targeting
  • Loan fraud & targeted financial scams
  • Name-based social engineering
  • Profile enrichment
  • Mortgage & deed fraud
  • Geolocation & account flagging
  • SIM swapping, vishing & SMS phishing
  • Physical stalking, mail fraud & identity verification
  • Home targeting, stalking & physical threat
  • Targeted harassment & discrimination

Threat Actor: Unknown (T-Mobile vendor compromise; secondary 110M dataset unverified provenance)

Attribution and method are based on available breach intelligence. Reported attack vector: Unknown.

Recommended Actions

If you believe your information may be included:

  • Enable MFA Everywhere: Turn on multi-factor authentication on email first, then financial accounts.
  • Report & Recover: If you spot misuse, start an official recovery plan and report fraud.

Frequently Asked Questions

What happened in the Experian breach?

In late September 2015, Experian disclosed that a server holding personal data for one of its corporate clients, T-Mobile USA, had been accessed by an unauthorized party. Experian was processing credit checks for applicants seeking T-Mobile postpaid service or device financing, and the compromise…

What data was exposed?

Verified fields include Credit Status, Date of Birth, Email Address, Ethnicity or Race, Family Structure, Financial Profile, Full Name, Gender, Homeownership Status, IP Address, Phone Number, Physical Address, Purchase Preferences, Religion.

What should I do if I was affected?

Change reused passwords, enable MFA, and (if identity or financial data is involved) freeze your credit and monitor your accounts.

Sources & References

Every claim on this page is traceable. This breach draws on:

  • Breach Index · DataBreach.com · Record & field corroboration
  • Breach Index · Have I Been Pwned · Record & field corroboration
  • ObscureIQ Intelligence · ObscureIQ proprietary analysis · Risk Index scoring & downstream-threat assessment
