T-Mobile confirmed that the personal information of millions of current and prospective customers was compromised in a recent “highly sophisticated cyberattack.”
Some of the data accessed by hackers includes first and last names, dates of birth, social security numbers, and drivers license or ID information. The company said no phone numbers, account numbers, passwords or financial information, including credit or debit card details, were compromised.
The cell phone carrier said the access point bad actors used to illegally gain entry to its servers was located and closed, but the company’s investigation into the breach is ongoing.
“Our preliminary analysis is that approximately 7.8 million current T-Mobile postpaid customer accounts’ information appears to be contained in the stolen files, as well as just over 40 million records of former or prospective customers who had previously applied for credit with T-Mobile,” the company said.
Moreover, the company confirmed that some 850,000 active T-Mobile prepaid customer names, phone numbers and account PINs were also exposed. No customers of Metro by T-Mobile, formerly Sprint prepaid, or Boost had their names or PINs exposed.
T-Mobile said it’s offering two years of free identity protection services with McAfee’s ID Theft Protection Service to customers who are affected, and is recommending all T-Mobile postpaid customers proactively change their account PINs.
The company also said it’s also launching a web page on Wednesday with additional information to help customers protect themselves.
“We take our customers’ protection very seriously and we will continue to work around the clock on this forensic investigation to ensure we are taking care of our customers in light of this malicious attack,” the company said. “While our investigation is ongoing, we wanted to share these initial findings even as we may learn additional facts through our investigation that cause the details above to change or evolve.”
The breach at T-Mobile comes in the wake of multiple high-profile cybersecurity attacks this year that have targeted meat processors, oil pipeline operators and more. In May, President Joe Biden signed an executive order aimed at modernizing the federal government’s response to cyberattacks.