The Dublin, Ireland-based Experian took full responsibility for the theft of the data.

"We take privacy very seriously and we understand that this news is both stressful and frustrating," Craig Boundy, CEO for Experian North America, said. "We sincerely apologize for the concern and stress that this event may cause. That is why we're taking steps to provide protection and support to those affected by this incident and will continue to coordinate with law enforcement during its investigation."

Upon discovering the incident, Experian took immediate action by securing its server, initiating a comprehensive investigation and notifying U.S. and international law enforcement. Experian said it is in the process of notifying consumers who might have been affected.

"Obviously I am incredibly angry about this data breach and we will institute a thorough review of our relationship with Experian, but right now my top concern and first focus is assisting any and all consumers affected," Legere noted. "I take our customer and prospective customer privacy VERY seriously. This is no small issue for us. I do want to assure our customers that neither T-Mobile's systems nor network were part of this intrusion and this did not involve any payment card numbers or bank account information."

Experian and T-Mobile have set up two years of free credit monitoring and identity resolution services for compromised customers, which is ironically being offered through Experian's own credit monitoring service.

Experian cautioned consumers that under no circumstances would Experian or T-Mobile call them or send them messages asking for personal information in connection with the breach.

"You may go to the website, but you should not provide personal information to anyone who calls you or sends you a message about this incident," Experian said in a statement.

Gord Boyce, president/CEO of the San Jose, Calif.-based file security firm FinalCode, commented, "The information stolen from Experian can be combined with data from other sources and potentially used in sophisticated attacks. It's become commonplace to offer credit monitoring to victims of a data privacy breach, but other attacks could fall outside the monitored time period."

Boyce added, "The T-Mobile and Experian relationship illustrates the importance of tracking and auditing the use of sensitive and regulated data in different forms throughout its lifecycle and processing supply chain."

The news comes on the heels of the release of the weekly 2015 ITRC Breach Report, which displayed the number of 2015 breaches as of Sept. 29 as 563, down by 2.7% from last year's record pace for the same time period (593). Still, more than 155 million records have been exposed this year, according to the report.

"In 1999, Scott McNealy, CEO of SUN Microsystems was quoted as saying, 'You have zero privacy anyway. Get over it.' Unfortunately, his words are truer than ever with the massive data breaches over the last few years," Stu Sjouwerman, founder/CEO of the Clearwater, Fla.-based security firm KnowBe4, said in response to the breach.