T-Mobile has confirmed that the records of 47.8 million current, prospective, and former customers have been accessed by hackers, which represents nearly half of the 100 million records that were found for sale online earlier this week.
The company’s preliminary analysis has shown that around 7.8 million current T-Mobile postpaid customer accounts’ information appears in the files, as well as just over 40 million records of former or prospective customers who had previously applied for credit with T-Mobile.
“Some of the data accessed did include customers’ first and last names, date of birth, SSN, and driver’s license/ID information for a subset of current and former postpay customers and prospective T-Mobile customers,” the company confirmed.
It said that, so far, there is “no indication” that the data contained in the stolen files included any customer financial information, credit card information, debit or other payment information. adding that around 850,000 active T-Mobile prepaid customer names, phone numbers, and account PINs were also exposed.
The company has proactively reset all of the PINs on these accounts and will start notifying customers accordingly “right away”.
T-Mobile revealed it is taking “immediate steps” to help protect all individuals who may be at risk from this "cyber attack". It is set to offer customers two years of free identity protection services with McAfee’s ID Theft Protection Service, and recommend its postpaid customers to change their PINs, despite the fact that it has “no knowledge” that any of these PINs were compromised.
RELATED RESOURCE
It will also offer “an extra step” to customers to protect their mobile accounts and also publish a unique web page later today for “one stop information and solutions” to help customers take steps to further protect themselves.
On 16 August, T-Mobile launched an investigation into a claim on an online forum that suggested the personal data from over 100 million users had been breached. The seller said that the data had come from T-Mobile servers and was asking for six Bitcoin, around $270,000, for a subset of the data containing around 30 million records. A day later, the company confirmed that there had been some “unauthorized access” to its data, but hadn’t determined if any personal customer data had been involved until today.
-
Futurum Group endpoint security trends 2023whitepaper Protection across AI attack vectors
-
Workshop: Network security design for cloudwhitepaper Network security design
-
PowerEdge - Cyber resilient infrastructure for a Zero Trust worldWhitepaper Combat threats with an in-depth security stance focused on data security
-
Acer confirms breach after cyber attack on Indian serversNews The attackers claim the data belongs to several million customers
-
T-Mobile confirms it was hit by a data breachNews The US operator has not yet determined if there is any personal customer data involved
-
Ryuk ransomware is now targeting web serversNews Researchers discover that new functionality has been added to the malware to increase damage
