T-Mobile has admitted to the theft of personal data from about 7.8 million current and over 40 million former and prospective customers.
“We have been urgently investigating [a] highly sophisticated cyberattack against T-Mobile systems,” a T-Mobile release states. “Yesterday, we were able to verify that a subset of T-Mobile data had been accessed by unauthorized individuals. We also began coordination with law enforcement as our forensic investigation continued.”
T-Mobile was alerted to the breach via an online forum late last week and the un-carrier claims that it immediately began an exhaustive investigation, seeking help from “world-leading cybersecurity experts.” According to its preliminary analysis, T-Mobile is now confirming that personal data was stolen, including customer financial information, credit card information, debit, or other payment information. And in some cases, first and last names, date of birth, social security numbers, and driver’s license and ID information was also stolen.
As noted, the firm says that this breach impacts about 7.8 million current customers and over 40 million former and prospective customers. But there are also about 850,000 prepaid T-Mobile customers impacted as well; in those cases, the breach exposed names, phone numbers, and account PINs, and the company has proactively reset those PINs.
Existing customers who are impacted by the breach will soon receive communications from T-Mobile offering them two years of free identity protection services through McAfee’s ID Theft Protection Service. It recommends that all T-Mobile postpaid customers immediately change PIN online or via a customer service representative. And it is providing Account Takeover Protection capabilities for postpaid customers, which it says will make it harder for accounts to be fraudulently ported out and stolen.
“We take our customers’ protection very seriously and we will continue to work around the clock on this forensic investigation to ensure we are taking care of our customers in light of this malicious attack,” T-Mobile adds, noting that it will soon publish information on its website that will help customers learn more and protect themselves from identity theft.