T-Mobile: 49 Million Customers Hit by Data Breach
T-Mobile has admitted that threat actors have stolen personal information on 48.6 million current, former and prospective customers.
The US carrier revealed in a notice yesterday that the breach affected 7.8 million current T-Mobile post-paid customer accounts, over 40 million records of former or prospective customers who had applied for credit and 850,000 active T-Mobile prepaid customers.
Previous reports had claimed that over 100 million customers might have been hit after a threat actor offered customer records for sale on a hacking forum.
T-Mobile said its investigation is still ongoing, and it’s unclear for now how the compromise occurred. However, the firm claimed that the “highly sophisticated cyber-attack” did not affect customers’ financial information.
Compromised personal data of post-paid customers and those applying for credit is thought to have included first and last names, dates of birth, Social Security numbers (SSNs) and driver’s license/ID information.
For the 850,000 active T-Mobile prepaid customers affected by the attack, the hacker is thought to have obtained names, phone numbers and account PINs.
T-Mobile said it’s offering affected customers free identity protection services for two years and recommends post-paid customers change their PIN, even though these numbers are not thought to have been compromised. The firm said it’s also offering account takeover protection for post-paid customers.
