T-Mobile on Wednesday released more details about a “highly sophisticated cyberattack” that exposed data from more than 40 million former or prospective customers who had applied for credit with the company, as well as 7.8 million current postpaid subscribers.
The stolen files do not appear to include customer financial, credit card, debit or other payment information, T-Mobile said. However, first and last names, date of birth, SSN, and driver’s license/ID information was accessed. And about 850,000 active prepaid customers had their name, phone numbers, and account PINs exposed. T-Mobile said it proactively reset the PINs on those accounts.
The total number of affected customers is lower than the previously reported 100 million estimate, but it’s still a sizable breach, and one of several that T-Mobile has dealt with over the past few years.
T-Mobile, which has more than 104 million subscribers, said its investigation is still ongoing. It recommends postpaid customers to change their PIN and is offering two years of free identity protection services with McAfee’s ID Theft Protection Service. The company will launch a standalone web page with more related info and resources later Wednesday.