T-Mobile has issued a statement with further details about a cyberattack that the company confirmed earlier this week, confirming that the data breach included the personal information of almost 50,000 current, former, and prospective customers.
Late last week, T-Mobile confirmed that a forum post that purported to offer data from more than 100 million people was the result of a company data breach. At that time, it was not known if personal customer data had been accessed, but T-Mobile has now confirmed that the stolen data included personal information, such as customer names, dates of birth, SSN, and identification such as driver’s licenses. There is as yet no indication that the data contained information about customer financial or payment information.
Currently, the information of 7.8 million current T-Mobile customers is believed to have been stolen, as well as information of over 40 million former or prospective customers. The company has been able to confirm that approximately 850,000 active T-Mobile prepaid customer names, phone numbers, and account PINs were also exposed, leading the company to proactively reset all of these PINs.
Customers are due to be contacted shortly with the news that T-Mobile will immediately offer two years of free identity protection services with McAfee’s ID Theft Protection Service, implement an additional step to protect mobile accounts with Account Takeover Protection, and publish a new web page for information and solutions for customers to further protect themselves. Customers will also be encouraged to change their account’s PIN. T-Mobile’s investigation into the data breach is ongoing.