Data of 40 million exposed in latest T-mobile breach
Number of people involved far exceeds previous attacks
The names, Social Security numbers and information from driver’s licenses or other identification of just over 40 million people who applied for T-mobile credit were exposed in a recent data breach, the company said Wednesday.
The same data for about 7.8 million current T-mobile customers who pay monthly for phone service also appears to be compromised. No phone numbers, account numbers, PINS, passwords or financial information from the nearly 50 million records and accounts were compromised, it said.
T-mobile has been hit before by data theft but in the most recent case, “the sheer numbers far exceed the previous breaches,” said Gartner analyst Paul Furtado.
T-mobile, which is based in Bellevue, Wash., became one of the country’s largest cellphone service carriers, along with AT&T and Verizon, after buying rival Sprint last year. It reported having a total of 102.1 million U.S. customers after the merger.
“Yes, they have a big target on their back but that shouldn’t be a surprise to them,” Furtado said. “You have to start questioning the organization. How much are they actually addressing these breaches and the level of seriousness?”
T-mobile also confirmed Wednesday that approximately 850,000 active T-mobile prepaid customer names, phone numbers and account PINS were exposed. The company said that it proactively reset all of the PINS on those accounts. No Metro by Tmobile, former Sprint prepaid, or Boost customers had their names or PINS exposed.
There was also some additional information from inactive prepaid accounts accessed through prepaid billing files. Tmobile said that no customer financial information, credit card information, debit or other payment information or Social Security numbers were in the inactive file.
T-mobile had said earlier this week that it was investigating a leak of its data after someone took to an online forum offering to sell the personal information of cellphone users.
The company said Monday that it had confirmed there was unauthorized access to “some T-mobile data” and that it had closed the entry point used to gain access. “If you were affected, you’ll hear from us soon,” CEO Mike Sievert tweeted in response to a concerned customer Tuesday.
The company now says it will immediately offer two years of free identity protection services and is recommending that all of its postpaid customers — those who pay in monthly installments — change their PIN.