Roughly 15 million T-Mobile USA customers — those who applied for device financing or a credit check between September 2012 and September 2015 — may have personal data exposed, news that came to light after T-Mobile’s credit vendor, Experian, announced one of its servers had been hacked.

From Experian’s press release, here’s what was nabbed:

“The data acquired included names, dates of birth, addresses, and Social Security numbers and/or an alternative form of ID like a drivers’ license number, as well as additional information used in T-Mobile’s own credit assessment. No payment card or banking information was acquired.”

As a consolation prize, Experian says users get two years of credit monitoring through the ProtectMyID service, which itself is part of Experian. The irony was not lost on Twitter, which T-Mobile CEO Legere has acknowledged.

Legere, for his part, seems peeved. “Obviously I am incredibly angry about this data breach and we will institute a thorough review of our relationship with Experian,” he wrote in a post on T-Mobile’s website.

There is no indication that data stolen in the breach has been used for nefarious purposes, Experian said, but you’ll want to keep an eye out if you think your data might have been included.

Photos via Flickr.com/Mike Mozart