On T-Mobile’s Investors blog, it issued an update on its ongoing breach investigation, confirming that customer data was stolen.
For around 7.8 million current postpaid customers, as well as over 40 million previous or prospective customers who had applied for credit with the company, the stolen data reportedly contained names, driver’s license information, dates of birth, and even Social Security numbers.
The company said that the cyberattack hadn’t comprised phone numbers, account numbers, passwords, or financial information. Payment information, such as credit card details, was also not taken.
T-Mobile also revealed that the names, phone numbers, and PINs of 850,000 prepaid users had been stolen.
The company is taking quick action to protect its customers who have been harmed by the cyberattack and has begun contacting them. Prepaid customers’ PINs have already been reset by T-Mobile, and others have been encouraged to do so as well.
T-Mobile noted on its Investor page, “We take our customers’ security very seriously, and we’ll keep working around the clock on this forensic investigation to ensure we’re protecting them from this malicious attack.”
Customers who are affected will receive two years of free identity theft protection from McAfee’s ID Theft Protection Service. Customers should take advantage of T-Mobile’s Account Takeover Protection service, according to the company.
The access point used to obtain access has been shut down. As additional information about the incident becomes available, T-Mobile said it will continue the investigation and work with law enforcement.
