Hold onto your butts, T-Mobile customers: 15 million of you just had your records gobbled up in a hack of credit giant Experian.

In a letter to customers posted today on the T-Mobile website, CEO John J. Legere spells out the gruesome details:

These records include information such as name, address and birthdate as well as encrypted fields with Social Security number and ID number (such as driver’s license or passport number), and additional information used in T-Mobile’s own credit assessment. Experian has determined that this encryption may have been compromised.

The breach includes the records of any applicants requiring credit checks for service or device financing from September 2013 through September 16, 2015.

Experian is careful to note that this breach did not compromise their vast consumer credit database, where credit records are compiled for virtually all Americans. Whew. Experian has now managed to keep the mother lode* safe through two recent massive data breaches—back in 2013 a 24-year-old Vietnamese national was indicted in New Hampshire for accessing and selling hundreds of thousands of sensitive customer records from Experian databases, for the purposes of identity theft.

Also:

Consumers should note that under no circumstances will Experian or T-Mobile call you or send you a message and ask for your personal information in connection with this incident.

T-Mobile and Experian do offer a few helpful tools and suggestions for those affected, including not one but two fairly comprehensive FAQ sites, and links to a free identity protection and resolution service. The Experian FAQ is very clear that the nature of the compromised data does present an increased risk for identity theft, so probably you should get cracking on protecting yourself from the fallout of this thing.

[T-Mobile]

Photo via Northfoto / Shutterstock.com