T-Mobile Admits to Data Hack of Almost 50 Million Customers

Posted on August 18, 2021 by Paul Thurrott in Cloud, Mobile with 15 Comments

T-Mobile has admitted to the theft of personal data from about 7.8 million current and over 40 million former and prospective customers.

“We have been urgently investigating [a] highly sophisticated cyberattack against T-Mobile systems,” a T-Mobile release states. “Yesterday, we were able to verify that a subset of T-Mobile data had been accessed by unauthorized individuals. We also began coordination with law enforcement as our forensic investigation continued.”

T-Mobile was alerted to the breach via an online forum late last week and the un-carrier claims that it immediately began an exhaustive investigation, seeking help from “world-leading cybersecurity experts.” According to its preliminary analysis, T-Mobile is now confirming that personal data was stolen, including customer financial information, credit card information, debit, or other payment information. And in some cases, first and last names, dates of birth, social security numbers, and driver’s license and ID information were also stolen.

As noted, the firm says that this breach impacts about 7.8 million current customers and over 40 million former and prospective customers. But there are also about 850,000 prepaid T-Mobile customers impacted as well; in those cases, the breach exposed names, phone numbers, and account PINs, and the company has proactively reset those PINs.

Existing customers who are impacted by the breach will soon receive communications from T-Mobile offering them two years of free identity protection services through McAfee’s ID Theft Protection Service. It recommends that all T-Mobile postpaid customers immediately change their PIN online or via a customer service representative. And it is providing Account Takeover Protection capabilities for postpaid customers, which it says will make it harder for accounts to be fraudulently ported out and stolen.

“We take our customers’ protection very seriously and we will continue to work around the clock on this forensic investigation to ensure we are taking care of our customers in light of this malicious attack,” T-Mobile adds, noting that it will soon publish information on its website that will help customers learn more and protect themselves from identity theft.


15 responses to “T-Mobile Admits to Data Hack of Almost 50 Million Customers”

  1. yoshi

    So are they only going to offer identity protection for current customers? What about the 40 million others impacted? Crazy.

  2. eric_rasmussen

    Securing systems against attack takes careful planning by security specialists. Companies these days have figured out that it's less expensive to offer identity coverage after the fact than it is to keep security personnel and processes on the payroll.

  3. bluvg

    Good time to be in the ID coverage space. ID protection is the standard response now. Not many customers take them up on it, though, and many likely already have it from another breach.

  4. brettscoast

    There is no way to sugarcoat this, it's a shocker. As for being lumbered with any McAfee solution for existing customers, I suppose something's better than nothing.

    • youwerewarned

      The "ID-protectors" want you to turn over scads of info in order for them to "protect" you -- the same stuff the bad guys want. So you are just increasing the attack surface by going along with these "security" solutions. I'll call that WORSE than nothing.

    • lvthunder

      Why is it a shocker? If the bad guys weren't a step ahead of the good guys there would be no crime. I would bet there isn't 1 network in the world that is 100% safe. Especially the ones that have 1000's of users using them.

  5. cruzallen

    This sounds like yet another massive data breach. However, the article here conflicts with the post it links to where they say, "We have no indication that the data contained in the stolen files included any customer financial information, credit card information, debit or other payment information." The article here seems to make it sound worse than T-Mobile originally posted.


    Paul?

    • LocalPCGuy

      Not Paul. But, why believe the PR that is released after a company has been seriously hacked and compromised. The modus operandi is to deflect, in these instances. T-Mobile is not fully honest and up front about such things, historically, as there is no legal or financial penalty for keeping the truth close to their corporate vest.

  6. markbyrn

    Welp, once again time to do another credit lockdown.

  7. plm

    I've now had my account information compromised by T-Mobile twice. Several years ago T-Mobile had another breach that resulted in two years of free ID protection, followed by years of BS about buying more ID protection. This is maddening.

  8. jblank46

    Ugh I got the text yesterday saying I was in the breach or whatever but no thank you I do not want your mcafee crap. I’m gonna freeze my credit reports and continue with my existing credit monitoring. I dunno if I should be trying to jump ship though. Tmobile seems to be going to the dogs, BUT still is better than dealing with AT&T…
