Earlier this week, a forum post claimed to be selling the personal information of over 100 million T-Mobile subscribers. A few hours after the forum post went live, T-Mobile confirmed that it suffered a data breach, but it didn’t reveal what information was leaked or how many people were affected. Today, an official T-Mobile spokesperson confirmed that nearly 48 million people are affected by the data breach.
In a statement to Digital Trends, T-Mobile confirmed that nearly 7.8 million current T-Mobile customers and around 40 million former T-Mobile postpaid customers (or the ones who had previously applied for credit) were affected by the cyberattack.
The company claims that there is no “indication” that the hackers accessed data like customer’s credit or debit card numbers. “Nor does it believe hackers accessed any phone numbers, account numbers, PINs, or passwords,” says the report.
However, T-Mobile has admitted that hackers were able to extract information like first name, last name, date of birth, social security number, and driver’s license/ID information. Moreover, the company has confirmed that nearly 850,000 active T-Mobile prepaid account PINs were also exposed in the data breach.
“We have already proactively reset all of the PINs on these accounts to help protect these customers, and we will be notifying accordingly right away. No Metro by T-Mobile, former Sprint prepaid, or Boost customers had their names or PINs exposed.”
T-Mobile says it’s in the process of helping all the individuals affected by the data breach. The company says the people affected will be contacted “shortly” with advice on what action has to be taken. Some people will be asked to PIN information, despite the company claiming that they “have no knowledge that any postpaid account PINs were compromised.”
“We take our customers’ protection very seriously and we will continue to work around the clock on this forensic investigation to ensure we are taking care of our customers in light of this malicious attack.”
Moreover, T-Mobile will offer two years of free McAfee’s ID Theft Protection Service and encourage customers to sign up for T-Mobile’s Account Takeover Protection service.
T-Mobile is encouraging all of its customers to change the PIN after it suffered such a major blow. The company says it will be posting a dedicated webpage later today with some additional information about the data breach.