Once again, T-Mobile has given an update on their latest findings regarding the recent data breach. Although the investigation is still ongoing, the company revealed the extent of the attack today.
According to T-Mobile’s preliminary analysis, the attack was able to obtain records of more than 40 million “former or prospective customers” that applied for credit, as well as 7.8 million existing postpaid customers.
The data that was collected by the hackers included sensitive personal information, such as the first and last names, birthdates, driver’s license/ID numbers, and Social Security numbers. T-Mobile says that the attacker was unable to obtain “phone numbers, account numbers, PINs or passwords.”
Unfortunately, the attacker was also able to obtain data from more than 850,000 T-Mobile Prepaid customers. The information stolen from these customers include their names, phone numbers, and account PINS. T-Mobile says that they have already notified affected customers and reset their PINs.
There have been reports that the data of inactive prepaid customers was also retrieved in the attack. But T-Mobile has responded to the reports and said that “No customer financial information, credit card information, debit or other payment information or SSN was in this inactive file.”
T-Mobile apologized for the attack once again and even included a dedicated page on its website. This page gives customers information and shortcuts on how they can change their passwords and PINs. In addition to this, T-Mo is offering two years of free identity protection services from McAfee. T-Mobile also recommends its customers to change their PIN as soon as possible. And to prevent SIM-swapping attacks, T-Mobile has pointed to its Account Takeover Protection capabilities.
“Customers trust us with their private information and we safeguard it with the utmost concern. A recent cybersecurity incident put some of that data in harm’s way, and we apologize for that. We take this very seriously, and we strive for transparency in the status of our investigation and what we’re doing to help protect you.”
No Metro by T-Mobile or former Sprint prepaid and Boost Mobile customers have been included in the attack.