T-Mobile admitted this week that it recently suffered a breach in which the data of more than 40 million current, former or prospective customers was exposed.
The theft included the Social Security numbers of its customers, according to Vice.
T-Mobile said in a statement Tuesday that “we have been urgently investigating the highly sophisticated cyberattack against T-Mobile systems, and in an effort to keep our customers and other stakeholders informed we are providing the latest information we have on this event and some additional details.”
The carrier was made aware last week that a “bad actor” had “compromised T-Mobile systems.” The company then brought in what it called “ world-leading cybersecurity experts” in order to investigate the matter.
“Yesterday, we were able to verify that a subset of T-Mobile data had been accessed by unauthorized individuals. We also began coordination with law enforcement as our forensic investigation continued,” T-Mobile’s announcement said. “While our investigation is still underway and we continue to learn additional details, we have now been able to confirm that the data stolen from our systems did include some personal information.”
While T-Mobile confirmed that the data included the names, dates of birth, Social Security numbers, and drivers’ license and ID information, it did not include any “customer financial information, credit card information, debit or other payment information.” In addition, the hack does not appear to have affected any “phone numbers, account numbers, PINs, passwords, or financial information.”
The total damage was that the stolen files included the information of 7.8 million of T-Mobile’s current postpaid customers, per the announcement. In addition, “40 million records of former or prospective customers who had previously applied for credit with T-Mobile” were stolen.
T-Mobile has confirmed that about 850,000 “active T-Mobile prepaid customer names, phone numbers and account PINs” were exposed in the hack as well.
In order to make it up to their customers, T-Mobile is offering customers a full two years of free identity protection services, via McAfee’s ID Theft Protection Service. In addition, the company is recommending that all of their postpaid customers change their PIN numbers, either by going online or contacting their Customer Care team. The company also plans to publish a unique website dealing with the issue.
This is not the first breach suffered by T-Mobile customers within the past several years. As noted by the Wall Street Journal, more than fifteen million T-Mobile subscribers were affected by the 2015 Experian breach, while T-Mobile itself suffered two more, smaller breaches in 2020.
T-Mobile and Sprint completed their merger last year.
Stephen Silver, a technology writer for the National Interest, is a journalist, essayist and film critic, who is also a contributor to The Philadelphia Inquirer, Philly Voice, Philadelphia Weekly, the Jewish Telegraphic Agency, Living Life Fearless, Backstage magazine, Broad Street Review and Splice Today. The co-founder of the Philadelphia Film Critics Circle, Stephen lives in suburban Philadelphia with his wife and two sons. Follow him on Twitter at @StephenSilver.