T-Mobile has confirmed that millions of customers have had their data stolen during a hack. Data from 7.8m postpaid, 850,000 prepaid, and records from 40m former and prospective customers were breached.
The stolen information included customers’ full names, dates of birth, social security numbers, and IDs such as driver’s licenses, the Bellevue, Washington-based company said in a statement today (Wednesday 18th). The hack doesn’t appear to have included credit card details or other financial information, it said.
When did the hack happen?
Late last week the company was informed of claims made in an online forum that a bad actor had compromised T-Mobile systems. They immediately began an exhaustive investigation into these claims and brought in world-leading cybersecurity experts to help with the assessment.
The alleged hacker told Motherboard that the data belonged to “T-Mobile USA” customers and contains everything from names, social security numbers, and phone numbers, to home addresses and driver license information. The news site said it was able to confirm the accuracy of the stolen data after reviewing a sample.
The perpetrator is asking for 6 bitcoin — currently worth about $285,000, just for a portion of the data, which would consist of 30 million social security numbers and driver's licenses.
Taking precautionary measures
As a result of this hack, T-Mobile is taking steps to help protect all of the individuals who may be at risk from this cyberattack.
- Immediately offering 2 years of free identity protection services with McAfee’s ID Theft Protection Service.
- Recommending all T-Mobile postpaid customers proactively change their PIN by going online into their T-Mobile account or calling our Customer Care team by dialing 611 on your phone. This precaution is despite the fact that we have no knowledge that any postpaid account PINs were compromised.
- Offering an extra step to protect your mobile account with our Account Takeover Protection capabilities for postpaid customers, which makes it harder for customer accounts to be fraudulently ported out and stolen.
- Publishing a unique web page for one stop information and solutions to help customers take steps to further protect themselves.
This is not the first data breach T-Mobile has experienced. In January, T-Mobile had a data breach that saw cybercriminals steal about 200,000 call records and other subscriber data. Last year, T-Mobile had two incidents, there was a breach on its email systems that saw hackers access some T-Mobile employee email accounts and access customer data; and a breach of a million prepaid customers’ personal and billing information months later.