T-Mobile U.S. Inc. confirmed that the hackers have stolen some personal information of its customers from its systems in the latest data breach. However, it has no indication that the data contained in the stolen files included any information related to customer financial, credit card, debit or other payment information.
According to the telecom major, around 7.8 million current T-Mobile postpaid customer accounts’ information appears to be contained in the stolen files, as well as just over 40 million records of former or prospective customers who had previously applied for credit with T-Mobile. Meanwhile, no phone numbers, account numbers, PINs, passwords or financial information were compromised in any of these files of customers or prospective customers.
In addition, around 850,000 active T-Mobile prepaid customer names, phone numbers and account PINs were exposed. The company has already proactively reset ALL of the PINs on these accounts to help protect these customers. Further, it said that no Metro by T-Mobile, former Sprint prepaid, or Boost customers had their names or PINs exposed.
The company’s investigation into the cyberattack is ongoing. As per its probe, some of the data accessed included customers’ first and last names, date of birth, SSN, and driver’s license/ID information for a subset of current and former postpay customers and prospective T-Mobile customers.
The company had earlier said it was informed last week of claims made in an online forum that a bad actor had compromised T-Mobile systems. According to a report from Vice Media’s Motherboard technology-news site, the personal data of over 100 million customers have been breached, some of which were up for sale in exchange for bitcoin.
The company said it immediately began an exhaustive investigation into these claims with the help of certain cybersecurity experts.
T-Mobile confirmed Monday that unauthorized access to some of its data occurred, but it was not determined then whether personal customer data was involved.
In its latest update, T-Mobile noted that, after receiving the information about the data breach, it located and immediately closed the access point that was believed to be used to illegally gain entry to the servers.
The company was able to verify that a subset of T-Mobile data had been accessed by unauthorized individuals. It also began coordination with law enforcement as its forensic investigation continued.
Following the data breach, T-Mobile has taken actions to help protect affected individuals. T-Mobile is immediately offering 2 years of free identity protection services with McAfee’s ID Theft Protection Service.
The company also recommended all T-Mobile postpaid customers to proactively change their PIN by going online into their T-Mobile account or calling Customer Care team.
A unique web page is available for one stop information and solutions to help customers take steps to further protect themselves.
For comments and feedback contact: firstname.lastname@example.org