T-Mobile Admits to Data Hack of Almost 50 Million Customers

T-Mobile has admitted to the theft of personal data from about 7.8 million current and over 40 million former and prospective customers.

“We have been urgently investigating [a] highly sophisticated cyberattack against T-Mobile systems,” a T-Mobile release states. “Yesterday, we were able to verify that a subset of T-Mobile data had been accessed by unauthorized individuals. We also began coordination with law enforcement as our forensic investigation continued.”

Windows Intelligence In Your Inbox

Sign up for our new free newsletter to get three time-saving tips each Friday — and get free copies of Paul Thurrott's Windows 11 and Windows 10 Field Guides (normally $9.99) as a special welcome gift!

"*" indicates required fields

This field is for validation purposes and should be left unchanged.

T-Mobile was alerted to the breach via an online forum late last week and the un-carrier claims that it immediately began an exhaustive investigation, seeking help from “world-leading cybersecurity experts.” According to its preliminary analysis, T-Mobile is now confirming that personal data was stolen, including customer financial information, credit card information, debit, or other payment information. And in some cases, first and last names, date of birth, social security numbers, and driver’s license and ID information was also stolen.

As noted, the firm says that this breach impacts about 7.8 million current customers and over 40 million former and prospective customers. But there are also about 850,000 prepaid T-Mobile customers impacted as well; in those cases, the breach exposed names, phone numbers, and account PINs, and the company has proactively reset those PINs.

Existing customers who are impacted by the breach will soon receive communications from T-Mobile offering them two years of free identity protection services through McAfee’s ID Theft Protection Service. It recommends that all T-Mobile postpaid customers immediately change PIN online or via a customer service representative. And it is providing Account Takeover Protection capabilities for postpaid customers, which it says will make it harder for accounts to be fraudulently ported out and stolen.

“We take our customers’ protection very seriously and we will continue to work around the clock on this forensic investigation to ensure we are taking care of our customers in light of this malicious attack,” T-Mobile adds, noting that it will soon publish information on its website that will help customers learn more and protect themselves from identity theft.

Tagged with

Share post

Please check our Community Guidelines before commenting

Conversation 15 comments

  • yoshi

    Premium Member
    18 August, 2021 - 11:22 am

    <p>So are they only going to offer identity protection for current customers? What about the 40 million others impacted? Crazy.</p>

    • crunchyfrog

      18 August, 2021 - 12:20 pm

      <p>Protection from McAfee doesn’t sound like much of a solution either.</p>

      • youwerewarned

        18 August, 2021 - 11:06 pm

        <p>"Sorry about your Ferrari — but you’ll get TWO Edsels as compensation. Why aren’t you smiling?"</p>

        • bluvg

          19 August, 2021 - 1:55 pm

          <p>Hey, those Edsels are worth something now! :P</p>

      • cruzallen

        Premium Member
        18 August, 2021 - 11:08 pm

        <p>It’s not; it’s an opportunity for McAfee.</p>

  • eric_rasmussen

    Premium Member
    18 August, 2021 - 1:41 pm

    <p>Securing systems against attack takes careful planning by security specialists. Companies these days have figured out that it’s less expensive to offer identity coverage after the fact than it is to keep security personnel and precesses on the payroll.</p>

  • bluvg

    18 August, 2021 - 6:36 pm

    <p>Good time to be in the ID coverage space. ID protection is the standard response now. Not many customers take them up on it, though, and many likely already have it from another breach.</p>

  • brettscoast

    Premium Member
    18 August, 2021 - 9:07 pm

    <p>There is no way to sugar coat this it’s a shocker, as for being lumbered with any McAfee solution for existing customers, I suppose something’s better than nothing.</p>

    • youwerewarned

      18 August, 2021 - 11:14 pm

      <p>The "ID-protectors" want you to turn over scads of info in order for them to "protect" you — the same stuff the bad guys want. So you are just increasing the attack surface by going along with these "security" solutions. I’ll call that WORSE than nothing.</p>

    • lvthunder

      Premium Member
      19 August, 2021 - 12:19 pm

      <p>Why is it a shocker? If the bad guys weren’t a step ahead of the good guys there would be no crime. I would bet there isn’t 1 network in the world that is 100% safe. Espically the ones that have 1000’s of users using them.</p>

  • cruzallen

    Premium Member
    18 August, 2021 - 11:20 pm

    <p>This sounds like yet another massive data breach. However, the article here conflicts with the post it links to where they say, "We have <strong>no indication</strong> that the data contained in the stolen files included any customer financial information, credit card information, debit or other payment information." The article here seems to make it sound worse than T-Mobile originally posted.</p><p><br></p><p>Paul?</p>

    • LocalPCGuy

      20 August, 2021 - 3:52 pm

      <p>Not Paul. But, why believe the PR that is released after a company has been seriously hacked and compromised. The modus operandi is to deflect, in these instances. T-Mobile is not fully honest and up front about such things, historically, as there is no legal or financial penalty for keeping the truth close to their corporate vest.</p>

  • markbyrn

    Premium Member
    19 August, 2021 - 11:41 am

    <p>Welp, once again time to do another credit lockdown. </p>

  • plm

    20 August, 2021 - 12:46 am

    <p>I’ve now had my account information comprised by T-Mobile twice. Several years ago T-Mobile had another breach that resulted in two years of free ID protection, followed by years of BS about buying more ID protection. This is maddening.</p>

  • jblank46

    20 August, 2021 - 4:49 pm

    <p>Ugh I got the text yesterday saying I was in the breach or whatever but no thank you I do not want your mcafee crap. I’m gonna freeze my credit reports and continue with my existing credit monitoring. I dunno if I should be trying to jump ship though. Tmobile seems to be going to the dogs, BUT still is better than dealing with AT&amp;T…</p>

Windows Intelligence In Your Inbox

Sign up for our new free newsletter to get three time-saving tips each Friday

"*" indicates required fields

This field is for validation purposes and should be left unchanged.

Thurrott © 2024 Thurrott LLC