T-Mobile confirmed that a recent “highly sophisticated cyberattack” exposed the personal information of millions of existing and potential customers.
Hackers have obtained data such as first and last names, dates of birth, social security numbers, and information from drivers’ licenses or ID cards. No phone numbers, account numbers, passwords, or financial information, including credit or debit card information, were stolen, according to the firm.
The cell phone provider said the access point used by bad actors to obtain unauthorized access to its systems has been found and stopped, but the investigation into the breach is still underway.
“Based on our preliminary analysis, the stolen files appear to contain the information of approximately 7.8 million current T-Mobile postpaid customer accounts, as well as just over 40 million records of former or prospective customers who had previously applied for credit with T-Mobile,” the company said.
A total of 850,000 current T-Mobile prepaid customer names, phone numbers, and account PINs were also exposed, according to the business. Names and PINs of Metro by T-Mobile, previously Sprint prepaid, and Boost subscribers were not revealed.
T-Mobile is providing impacted consumers two years of free identity protection through McAfee’s ID Theft Protection Service and is advising all T-Mobile postpaid customers to update their account PINs proactively.
On Wednesday, the firm will also create a web page with more information to assist consumers to safeguard themselves, according to the corporation.
“We take our clients’ security extremely seriously,” the firm said, adding that “we will continue to work around the clock on this forensic investigation to guarantee we are taking care of our consumers in light of this malicious assault.” “While our investigation is ongoing, we wanted to publish these preliminary conclusions in the event that we uncover more information that leads the data above to alter or evolve.”
T-hack Mobile follows a series of high-profile computer assaults this year that have attacked meat processors, oil pipeline owners, and other businesses. President Joe Biden issued an executive order in May aimed at improving the federal government’s cyber-response.