T-Mobile US Says Personal Data of Nearly 50 Million Customers
August 18, 2021
The U.S. subsidiary of German telecommunications company
T-Mobile said Wednesday that the personal data of more than 40
million former and prospective customers — including names,
Social Security numbers and driver's license information — had
been exposed in a data breach.
In a statement, the cellphone service said the same data were
also compromised for about 7.8 million current T-Mobile postpaid
customers. But they added that no phone numbers, account
numbers, personal identification numbers, passwords or financial
information from the nearly 50 million records and accounts had
T-Mobile also confirmed that about 850,000 of its active prepaid
customer names, phone numbers and account PINs had been exposed.
The company said it had proactively reset all the PINs on those
accounts. It said Metro by T-Mobile, Boost and former Sprint
prepaid customers did not have their names or PINs exposed.
Experts brought in
company first announced its discovery of the “unauthorized
access” to its data Monday. It said it immediately began
investigating the claims and brought in “world-leading
cybersecurity experts” to help. The company said it located and
immediately closed the access point that it believed was used to
illegally access the servers.
T-Mobile said it was taking immediate steps to help protect
everyone who may be at risk from the cyberattack and was
offering everyone affected two years of free identity protection
services. Company officials recommended all their postpaid
customers proactively change their PINs.
The company said it would publish a unique web page Wednesday
with information about how customers can further protect
themselves. It said the investigation was continuing.