T-Mobile confirms millions of customers caught up in data breach

Image of padlock against circuit board/cybersecurity background
(Image credit: Future)

T-Mobile has confirmed that an unauthorized user has indeed managed to scoot away with the personally identifiable information (PII) of several millions customers.

The incident first came to light when the apparent T-Mobile hacker offered to offload the ill-gotten data, which they claimed to have stolen from T-Mobile servers. T-Mobile earlier told TechRadar Pro that it was investigating the hacker’s claims, then later delivered a statement that confirmed the leak without quantifying the damage.

However, in its latest statement, the telecoms company says it has been able to establish that the hacker did manage to lift the PII of millions of its customers.

TechRadar needs yo...

We're looking at how our readers use VPNs with streaming sites like Netflix so we can improve our content and offer better advice. This survey won't take more than 60 seconds of your time, and we'd hugely appreciate if you'd share your experiences with us.

>> <a href="https://project.tolunastart.com/tqsruntime/main?surveyData=LFFFsT0HpgsyUe0tTFumBJohXK8Sedt0ARpsCF4DRGR+oCoVbvd+2+d8+UNIIx4L" data-link-merchant="project.tolunastart.com"" target="_blank">Click here to start the survey in a new window <<

“Our preliminary analysis is that approximately 7.8 million current T-Mobile postpaid customer accounts’ information appears to be contained in the stolen files, as well as just over 40 million records of former or prospective customers who had previously applied for credit with T-Mobile,” the company wrote.

All too common

Confirming the hacker’s claims, T-Mobile said that, besides the full name of their customers, the leaked data also included other sensitive information, including their date of birth, social security numbers (SSN) and driver’s license details. 

“We have also been able to confirm approximately 850,000 active T-Mobile prepaid customer names, phone numbers and account PINs were also exposed,” added T-Mobile, stating that it has proactively reset all of the PINs on the leaked accounts.

The company claims that, while the investigation is still underway, it has no reason to believe the stolen records included any financial details of the customers.

In response to the leaks, T-Mobile has announced a number of remedial steps to prevent the misuse of the information, including offering two-year complimentary access to McAfee’s identity protection services.

However, Ric Longenecker, CISO at cybersecurity vendor Open Systems told TechRadar Pro that the incident is further proof that companies must immediately take preventive steps to fend off such breaches from occurring in the first place.

“Another day, another cyberattack on a major company results in the personal information of millions of people being stolen. This has become an all too common occurrence for companies worldwide – and the fifth known data breach for T-Mobile over the past three years,” said Longenecker.

Mayank Sharma

With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’s TechRadar Pro’s expert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.