Cyberattack exposes T-Mobile customers’ info, Social Security numbers, company says
Millions of T-Mobile customers had their account information exposed in a “highly sophisticated” cyberattack.
T-Mobile confirmed Tuesday that data stolen during the hack included customers’ personal information. The company said the account information of roughly 7.8 million current postpaid customers and more than 40 million former or prospective customers was included in the stolen files.
“Importantly, no phone numbers, account numbers, PINs, passwords or financial information were compromised in any of these files of customers or prospective customers,” T-Mobile said.
But it said some of the data accessed during the attack included customers’ names, birthdays, Social Security numbers and driver’s license or other identification information.
T-Mobile said about 850,000 active prepaid customers had their names, phone numbers and account PINs exposed in the breach. It said it reset the PINs for all impacted customers and “will be notifying accordingly right away.”
“We have also confirmed that there was some additional information from inactive prepaid accounts accessed through prepaid billing files,” T-Mobile said. “No customer financial information, credit card information, debit or other payment information or SSN was in this inactive file.”
T-Mobile said it learned last week about “claims made in an online forum” that its systems had been compromised by a bad actor. The company said it “located and immediately closed the access point” it believes was used to access its servers.
“Yesterday, we were able to verify that a subset of T-Mobile data had been accessed by unauthorized individuals,” T-Mobile said Tuesday. “We also began coordination with law enforcement as our forensic investigation continued.”
The company says it continues to investigate the data breach and is working to “help protect all of the individuals who may be at risk from this cyberattack.”
T-Mobile will offer two years of free identity protection services and “offering an extra step to protect your mobile account with our Account Takeover Protection capabilities for postpaid customers,” it says.
The company said it recommends that all postpaid customers change their PINs “despite the fact that we have no knowledge that any postpaid account PINs were compromised.”
It will also be publishing a website Wednesday with information on how customers can further protect themselves.
“We take our customers’ protection very seriously and we will continue to work around the clock on this forensic investigation to ensure we are taking care of our customers in light of this malicious attack,” T-Mobile said. “While our investigation is ongoing, we wanted to share these initial findings even as we may learn additional facts through our investigation that cause the details above to change or evolve.”
This story was originally published August 18, 2021 at 10:05 AM with the headline "Cyberattack exposes T-Mobile customers’ info, Social Security numbers, company says."
