T-Mobile Hackers Stole Personal Data Of 7.8 Million Customers

The scale of the hacker break-in at US telecoms company T-Mobile has been revealed, with millions of current and former customers impacted.

On Monday, T-Mobile confirmed that “some” customer data had been compromised, after it investigated media reports of a forum post, which claimed to have data of over 100 million T-Mobile customers, stolen from T-Mobile servers.

In an update on Tuesday, T-Mobile reported its findings of the cyberattack, and confirmed that personal data, including customers’ first and last names, date of birth, SSN, and driver’s license/ID information had been compromised. It said it had “no indication” that any financial data (credit card, debit or other payment information) had been compromised (at this time).

Breach update

“As we shared yesterday, we have been urgently investigating the highly sophisticated cyberattack against T-Mobile systems, and in an effort to keep our customers and other stakeholders informed we are providing the latest information we have on this event and some additional details,” said the US mobile operator.

T-Mobile said that its preliminary analysis is that approximately 7.8 million current T-Mobile postpaid customer accounts’ information appears to be contained in the stolen files.

Even worse, T-Mobile said that just over 40 million records of former or prospective customers who had previously applied for credit with T-Mobile, were also compromised.

However it said that no “phone numbers, account numbers, PINs, passwords, or financial information were compromised in any of these files of customers or prospective customers.”

“As a result of this finding, we are taking immediate steps to help protect all of the individuals who may be at risk from this cyberattack,” the operator said.

T-Mobile customers will be immediately offered 2 years of free identity protection services with McAfee’s ID Theft Protection Service.

It is also recommending (as a precaution) that all T-Mobile postpaid customers proactively change their PIN by going online into their T-Mobile account or calling their Customer Care team by dialing 611 on their phone.

The operator is also offering customers an extra step to protect thier mobile account with T-Mobile’s Account Takeover Protection capabilities for postpaid customers, which makes it harder for customer accounts to be fraudulently ported out and stolen.

It has also provided customers with a dedicated webpage for customers over the matter.

“At this time, we have also been able to confirm approximately 850,000 active T-Mobile prepaid customer names, phone numbers and account PINs were also exposed,” the operator said. “We have already proactively reset ALL of the PINs on these accounts to help protect these customers, and we will be notifying accordingly right away. No Metro by T-Mobile, former Sprint prepaid, or Boost customers had their names or PINs exposed.”

T-Mobile said that it has confirmed that there was some additional information from inactive prepaid accounts accessed through prepaid billing files. But no customer financial information, credit card information, debit or other payment information or SSN was compromised it said.

Previous hacks

It should be noted that T-Mobile has been hacked on multiple occasions in the past, with some publications reporting that the operator has been hacked as many as five times in recent years.

In 2015 the personal data on 15 million T-Mobile USA customers appeared online for sale.

T-Mobile last year finally completed its $26 billion acquisition of rival Sprint, in a deal that took years to complete.

The merger, which almost took place in 2014, was revealed in April 2018, but faced significant regulatory scrutiny over concerns it would reduce competition, and result in higher prices for consumers.

Deutsche Telekom, which owns T-Mobile, had been negotiating with Japan’s SoftBank, which controlled Sprint, for years.

Tom Jowitt

Tom Jowitt is a leading British tech freelancer and long standing contributor to Silicon UK. He is also a bit of a Lord of the Rings nut...

Recent Posts

UK’s CMA Readies Cloud Sector “Behavioural” Remedies – Report

Targetting AWS, Microsoft? British competition regulator soon to announce “behavioural” remedies for cloud sector

1 hour ago

Former Policy Boss At X Nick Pickles, Joins Sam Altman Venture

Move to Elon Musk rival. Former senior executive at X joins Sam Altman's venture formerly…

4 hours ago

Bitcoin Rises Above $96,000 Amid Trump Optimism

Bitcoin price rises towards $100,000, amid investor optimism of friendlier US regulatory landscape under Donald…

5 hours ago

FTX Co-Founder Gary Wang Spared Prison

Judge Kaplan praises former FTX CTO Gary Wang for his co-operation against Sam Bankman-Fried during…

6 hours ago