UPDATE T-Mobile said Wednesday it’s been “urgently investigating the highly sophisticated cyberattack” against its systems. The telecom shared more details concerning the timeline and what the company is doing to handle the breach.
The company’s preliminary analysis shows about 7.8 million current T-Mobile postpaid customer accounts’ information appears to be in files that were stolen. So were the records of just over 40 million of former or prospective customers who had previously applied for credit with T-Mobile, according to the company.
Some of the accessed data included customers’ first and last names, date of birth, SSN, and driver’s license/ID information for a subset of current and former postpaid customers and prospective T-Mobile customers. T-Mobile stressed that no phone numbers, account numbers, PINs, passwords, or financial information were compromised in any of the stolen files.
To protect these individuals who may be at risk from this cyberattack, the company said it is:
- Offering two years of free identity protection services with McAfee’s ID Theft Protection Service.
- Recommending all T-Mobile postpaid customers change their PIN by going online into their T-Mobile account or calling the Customer Care team by dialing 611 on their phone. “This precaution is despite the fact that we have no knowledge that any postpaid account PINs were compromised,” stated the carrier.
- Offering an extra step to protect mobile accounts with its Account Takeover Protection capabilities for postpaid customers, which the carrier says makes it harder for customer accounts to be fraudulently ported out and stolen.
- Publishing a unique web page for one stop information and solutions to help customers take steps to further protect themselves.
The company also confirmed that some 850,000 active T-Mobile prepaid customer names, phone numbers and account PINs were exposed. The telecom said: it “reset ALL of the PINs on these accounts to help protect these customers, and we will be notifying accordingly right away.” No Metro by T-Mobile, former Sprint prepaid, or Boost customers had their names or PINs exposed, according to the carrier.
Some additional information from inactive prepaid accounts was accessed through prepaid billing files, according to T-Mobile. It said: “No customer financial information, credit card information, debit or other payment information or SSN was in this inactive file.”
T-Mobile stressed that it takes customers’ protection very seriously and it will continue to work around the clock on a forensic investigation to ensure its taking care of customers “in light of this malicious attack.” It notes the investigation is ongoing, and it “may learn additional facts that cause the details to change or evolve.”
Cybersecurity experts are helping T-Mobile with its assessment; the company says it has closed the access point it believes “bad actors” used to illegally gain entry to its servers.
Reader Interactions