The breach was at a unit of the credit agency Experian which T-Mobile uses to process information on its users and applicants.
Names, social security numbers and birth dates were among the information stolen, however, both firms have rest assured customers that no financial details have been taken. Subscribers that were credit-checked between 1st September 2013 and 16th September 2015 are the most at risk.
Chief executive of T-Mobile John Legere said: “Obviously I am incredibly angry about this data breach, I take our customer and prospective customer privacy very seriously. This is no small issue for us.
I do want to assure our customers that neither T-Mobile’s systems nor network were part of this intrusion and this did not involve any payment card numbers or bank account information.
Experian has assured us that they have taken aggressive steps to improve the protection of their system and of our data.”
It was unclear when the breach was discovered but Experian have stated that the matter was reported to authorities immediately after it learned of the hack.
The company said in a statement: “We continue to investigate the theft, closely monitor our systems, and work with domestic and international law enforcement. Investigation of the incident is ongoing.
“Experian is notifying the individuals who may have been affected and is offering free credit monitoring and identity resolution services for two years. In addition, government agencies are being notified as required by law.
T-Mobile is now the third biggest mobile firm in the US, having surpassed Sprint this year.