T-Mobile confirms data stolen includes personal information

Tech giant T-Mobile has confirmed that millions of customers have had their data breached during a cyberattack

T-Mobile has confirmed that millions of customers have had their data stolen during a hack. Data from 7.8m postpaid, 850,000 prepaid, and records from 40m former and prospective customers were breached.

The stolen information included customers’ full names, dates of birth, social security numbers, and IDs such as driver’s licenses, the Bellevue, Washington-based company said in a statement today (Wednesday 18th). The hack doesn’t appear to have included credit card details or other financial information, it said.
 

When did the hack happen?


Late last week the company was informed of claims made in an online forum that a bad actor had compromised T-Mobile systems. They immediately began an exhaustive investigation into these claims and brought in world-leading cybersecurity experts to help with the assessment.

The alleged hacker told Motherboard that the data belonged to “T-Mobile USA” customers and contains everything from names, social security numbers, and phone numbers, to home addresses and driver license information. The news site said it was able to confirm the accuracy of the stolen data after reviewing a sample.

The perpetrator is asking for 6 bitcoin — currently worth about $285,000, just for a portion of the data, which would consist of 30 million social security numbers and driver's licenses.

 

Taking precautionary measures

 

As a result of this hack, T-Mobile is taking steps to help protect all of the individuals who may be at risk from this cyberattack.

  • Immediately offering 2 years of free identity protection services with McAfee’s ID Theft Protection Service.
  • Recommending all T-Mobile postpaid customers proactively change their PIN by going online into their T-Mobile account or calling our Customer Care team by dialing 611 on your phone. This precaution is despite the fact that we have no knowledge that any postpaid account PINs were compromised.
  • Offering an extra step to protect your mobile account with our Account Takeover Protection capabilities for postpaid customers, which makes it harder for customer accounts to be fraudulently ported out and stolen.
  • Publishing a unique web page for one stop information and solutions to help customers take steps to further protect themselves. 

This is not the first data breach T-Mobile has experienced. In January, T-Mobile had a data breach that saw cybercriminals steal about 200,000 call records and other subscriber data. Last year, T-Mobile had two incidents,  there was a breach on its email systems that saw hackers access some T-Mobile employee email accounts and access customer data; and a breach of a million prepaid customers’ personal and billing information months later. 

 

Share

Featured Articles

How secure is sensitive data stored in the cloud?

A Cloud Security Alliance (CSA) survey has found 67% of organisations store sensitive data in public cloud environments, but how secure is it?

CYBER LIVE LONDON: Day 2 highlights of the hybrid tech show

We take a look at highlights of the different stages at the Tech Live London show, including insights from Claroty, SalesForce and Oracle

TECH LIVE LONDON: An overview of the hybrid technology show

We take a look at the first day of Tech Live London with insights from technology leaders from companies such as IBM, Microsoft and Vodafone

Does a cashless society mean higher risk of fraud?

Cyber Security

5 minutes with Gary Brickhouse, CISO of GuidePoint Security

Cyber Security

CTO at Passbolt explains the importance of password managers

Application Security