T-Mobile says 5.3M more customers affected by breach, IMEI data stolen

article thumbnail

T-Mobile has confirmed that a massive data breach affecting both current and former customers is now worse than it originally reported.

The carrier on Friday confirmed that leaked information for 7.8 million current postpaid customers also included phone numbers and International Mobile Equipment Identity (IMEI) numbers, which are unique identifiers assigned to every mobile device. T-Mobile has been investigating the data breach and sharing more details as they come to light.

Notably, IMEI data could potentially be used to track the location of mobile devices or be used in SIM swapping attacks that could aid bad actors in bypassing multi-factor authentication for accounts.

An unspecified number of files contained "phone numbers, IMEI, and IMSI numbers." Although T-Mobile claims those files did not contain any personally identifiable information, the data can be easily used to tie a person's identity to their phone number.

T-Mobile also confirmed that the data breach has affected an additional 5.3 million current customers and 667,000 former subscribers. However, those customers did not have their driver's license or ID or their Social Security numbers leaked as part of the breach.

While former Boost Mobile or Sprint prepaid customers were not affected by the breach, the carrier has said that 52,000 names tied to Metro by T-Mobile accounts were stolen.

Earlier in August, reports indicated that bad actors were selling data on 100 million T-Mobile customers after a server attack. T-Mobile later confirmed that at least 47.9 million people were affected by the server breach.

On Friday, the personal data of more than 70 million AT&T customers was also found for sale on an underground hacking forum.