A cyberattack on T-Mobile has exposed the information of over 40 million people.
In a statement issued by the organization, that it had been investigating the data breach since last week when it was “informed of claims made in an online forum that a bad actor had compromised T-Mobile systems.”
The company said the stolen files included information from nearly 7.8 million active T-Mobile accounts, as well as former or prospective customers who had applied for credit with the company numbering over 40 million. Some of the exposed data included customers’ names (first and last), social security numbers, driver’s licenses, and other information, T-Mobile said.
It also included the PIN of about 850,000 active prepaid customers. The company said it would carry out PIN reset for prepaid customers, and urged other customers to change their PINs as well. Adding that it would create a website to “help customers take steps to further protect themselves.”
But, there was no sign that financial, credit card, or other payment information was stolen. As the compromised data did not include phone numbers, account numbers, or passwords
The company said it had “immediately closed” the access point in its computer system that it believed was targeted by the cyberattack.
Over the years, T-Mobile has struggled to stave off hackers and prevent data breaches. In 2018, T-Mobile suffered a security breach that compromised the personal information of as many as two million customers, including phone numbers, email addresses, and account numbers. In 2019, the company’s email vendor was hacked, revealing some customer and employee personal information.
In response to the breach, the company said it would offer two years of free identity protection services.