T-Mobile confirms hackers accessed 47.8 million customer records
A preliminary assessment by the US operator found that the stolen data includes SSN and driver’s license information
T-Mobile has confirmed that the records of 47.8 million current, prospective, and former customers have been accessed by hackers, which represents nearly half of the 100 million records that were found for sale online earlier this week.
The company’s preliminary analysis has shown that around 7.8 million current T-Mobile postpaid customer accounts’ information appears in the files, as well as just over 40 million records of former or prospective customers who had previously applied for credit with T-Mobile.
“Some of the data accessed did include customers’ first and last names, date of birth, SSN, and driver’s license/ID information for a subset of current and former postpay customers and prospective T-Mobile customers,” the company confirmed.
It said that, so far, there is “no indication” that the data contained in the stolen files included any customer financial information, credit card information, debit or other payment information. adding that around 850,000 active T-Mobile prepaid customer names, phone numbers, and account PINs were also exposed.
The company has proactively reset all of the PINs on these accounts and will start notifying customers accordingly “right away”.
T-Mobile revealed it is taking “immediate steps” to help protect all individuals who may be at risk from this "cyber attack". It is set to offer customers two years of free identity protection services with McAfee’s ID Theft Protection Service, and recommend its postpaid customers to change their PINs, despite the fact that it has “no knowledge” that any of these PINs were compromised.
From zero to hero: The path to CIAM maturity
Your guide to the CIAM journeyDownload now
It will also offer “an extra step” to customers to protect their mobile accounts and also publish a unique web page later today for “one stop information and solutions” to help customers take steps to further protect themselves.
On 16 August, T-Mobile launched an investigation into a claim on an online forum that suggested the personal data from over 100 million users had been breached. The seller said that the data had come from T-Mobile servers and was asking for six Bitcoin, around $270,000, for a subset of the data containing around 30 million records. A day later, the company confirmed that there had been some “unauthorized access” to its data, but hadn’t determined if any personal customer data had been involved until today.
Modern governance: The how-to guide
Equipping organisations with the right tools for business resilienceFree Download
Cloud operational excellence
Everything you need to know about optimising your cloud operationsWatch now
A buyer’s guide to board management software
How the right software can improve your board’s performance
The real world business value of Oracle autonomous data warehouse
Lead with a 417% five-year ROIDownload now