T-Mobile data breach hit 47.8 million accounts, most not current customers

By William Gallagher

Of the total 47.8 million people whose data was stolen in the T-Mobile server attack, more than 40 million of them are former and prospective T-Mobile customers -- and the company claims no financial information was compromised.

T-Mobile

Following the reported hack of T-Mobile where information regarding 100 million customers was stolen, the company has issued a preliminary report. Saying that it's investigation is "urgently" continuing, the "Additional Information" report reveals that more users were affected than previously believed.

"Our preliminary analysis is that approximately 7.8 million current T-Mobile postpaid customer accounts' information appears to be contained in the stolen files," says the company in the report, "as well as just over 40 million records of former or prospective customers who had previously applied for credit with T-Mobile."

T-Mobile says that on learning of the attack, it "located and immediately closed the access point" that its security experts "believe was used to illegally gain entry to our servers."

"[We] have now been able to confirm that the data stolen from our systems did include some personal information," say the company. "Some of the data accessed did include customers' first and last names, date of birth, SSN, and driver's license/ID information for a subset of current and former postpay customers and prospective T-Mobile customers."

T-Mobile repeatedly stresses that it has "no indication that the data... included any customer financial information, credit card information, debit or other payment information."

The company says that is cooperating with law enforcement, and that it has implemented measures "to help protect all of the individuals who may be at risk from this cyberattack."

Those measures include offering two years of free identity protection services using the McAffee Theft Protection Service. T-Mobile has also recommending that postpaid customers change their PIN, while it has already "proactively reset" all PINs on pre-paid accounts.

This cyberattack is believed to be the largest it has suffered. In 2018, data from two million customers was stolen, which was followed by a further hack in 2019.