T-Mobile Hackers Stole Personal Data Of 7.8 Million Customers

The scale of the hacker break-in at US telecoms company T-Mobile has been revealed, with millions of current and former customers impacted.

On Monday, T-Mobile confirmed that “some” customer data had been compromised, after it investigated media reports of a forum post, which claimed to have data of over 100 million T-Mobile customers, stolen from T-Mobile servers.

In an update on Tuesday, T-Mobile reported its findings of the cyberattack, and confirmed that personal data, including customers’ first and last names, date of birth, SSN, and driver’s license/ID information had been compromised. It said it had “no indication” that any financial data (credit card, debit or other payment information) had been compromised (at this time).

Breach update

“As we shared yesterday, we have been urgently investigating the highly sophisticated cyberattack against T-Mobile systems, and in an effort to keep our customers and other stakeholders informed we are providing the latest information we have on this event and some additional details,” said the US mobile operator.

T-Mobile said that its preliminary analysis is that approximately 7.8 million current T-Mobile postpaid customer accounts’ information appears to be contained in the stolen files.

Even worse, T-Mobile said that just over 40 million records of former or prospective customers who had previously applied for credit with T-Mobile, were also compromised.

However it said that no “phone numbers, account numbers, PINs, passwords, or financial information were compromised in any of these files of customers or prospective customers.”

“As a result of this finding, we are taking immediate steps to help protect all of the individuals who may be at risk from this cyberattack,” the operator said.

T-Mobile customers will be immediately offered 2 years of free identity protection services with McAfee’s ID Theft Protection Service.

It is also recommending (as a precaution) that all T-Mobile postpaid customers proactively change their PIN by going online into their T-Mobile account or calling their Customer Care team by dialing 611 on their phone.

The operator is also offering customers an extra step to protect thier mobile account with T-Mobile’s Account Takeover Protection capabilities for postpaid customers, which makes it harder for customer accounts to be fraudulently ported out and stolen.

It has also provided customers with a dedicated webpage for customers over the matter.

“At this time, we have also been able to confirm approximately 850,000 active T-Mobile prepaid customer names, phone numbers and account PINs were also exposed,” the operator said. “We have already proactively reset ALL of the PINs on these accounts to help protect these customers, and we will be notifying accordingly right away. No Metro by T-Mobile, former Sprint prepaid, or Boost customers had their names or PINs exposed.”

T-Mobile said that it has confirmed that there was some additional information from inactive prepaid accounts accessed through prepaid billing files. But no customer financial information, credit card information, debit or other payment information or SSN was compromised it said.

Previous hacks

It should be noted that T-Mobile has been hacked on multiple occasions in the past, with some publications reporting that the operator has been hacked as many as five times in recent years.

In 2015 the personal data on 15 million T-Mobile USA customers appeared online for sale.

T-Mobile last year finally completed its $26 billion acquisition of rival Sprint, in a deal that took years to complete.

The merger, which almost took place in 2014, was revealed in April 2018, but faced significant regulatory scrutiny over concerns it would reduce competition, and result in higher prices for consumers.

Deutsche Telekom, which owns T-Mobile, had been negotiating with Japan’s SoftBank, which controlled Sprint, for years.

Tom Jowitt

Tom Jowitt is a leading British tech freelancer and long standing contributor to Silicon UK. He is also a bit of a Lord of the Rings nut...

Recent Posts

Is the Digital Transformation of Businesses Complete?

Digital transformation is an ongoing journey, requiring continuous adaptation, strong leadership, and skilled talent to…

18 hours ago

Craig Wright Faces Contempt Claim Over Bitcoin Lawsuit

Australian computer scientist faces contempt-of-court claim after suing Jack Dorsey's Block and Bitcoin Core developers…

19 hours ago

OpenAI Adds ChatGPT Search Features

OpenAI's ChatGPT gets search features, putting it in direct competition with Microsoft and Google, amidst…

19 hours ago

Google Maps Steers Into Local Information With AI Chat

New Google Maps allows users to ask for detailed information on local spots, adds AI-summarised…

20 hours ago

Huawei Sees Sales Surge, But Profits Fall

US-sanctioned Huawei sees sales surge in first three quarters of 2024 on domestic smartphone popularity,…

20 hours ago

Apple Posts China Sales Decline, Ramping Pressure On AI Strategy

Apple posts slight decline in China sales for fourth quarter, as Tim Cook negotiates to…

21 hours ago