T-Mobile announced on its website Tuesday “just over 40 million records of former or prospective customers who had previously applied for credit with T-Mobile” were stolen in a data breach last week. The breach also included account information for about 7.8 million current T-Mobile customers.
The company calls the incident a “highly sophisticated cyberattack against T-Mobile systems”.
According to T-Mobile, “some of the data accessed did include customers’ first and last names, date of birth, SSN, and driver’s license/ID information.”
The company also said about 850,000 active T-Mobile prepaid customer names, phone numbers and account PINs were exposed. The company said it has reset all of the PINs on those accounts.
T-Mobile said it is also taking the following steps to help breach victims:
Offering two years of free identity protection services.
Recommending all T-Mobile postpaid customers proactively change their PIN. The company said it did not know that any postpaid account PINs were compromised.
Offering an extra step to protect mobile accounts with T-Mobile’s Account Takeover Protection capabilities for postpaid customers. The company said this makes it harder for customer accounts to be fraudulently ported out and stolen.
Publishing a unique web page later on Wednesday for one stop information and solutions to help customers take steps to further protect themselves.
T-Mobile confirmed Tuesday there was some additional information from inactive prepaid accounts accessed through prepaid billing files. “No customer financial information, credit card information, debit or other payment information or SSN was in this inactive file,” the company said.
The investigation into the breach, announced Monday, began after someone took to an online forum offering to sell the personal information of cellphone users.
T-Mobile has previously disclosed a number of data breaches over the years. This includes hacks in Nov. 2019 and Aug. 2018, both of which involved unauthorized access to customer information. And back in 2015, hackers stole personal information belonging to about 15 million T-Mobile wireless customers and potential customers in the U.S. The hackers obtained the information from credit reporting agency Experian.