The U.S. subsidiary of German telecommunications company T-Mobile said Wednesday that the personal data of more than 40 million former and prospective customers — including names, Social Security numbers and driver’s license information — had been exposed in a data breach.
In a statement, the cellphone service said the same data were also compromised for about 7.8 million current T-Mobile postpaid customers. But they added that no phone numbers, account numbers, personal identification numbers, passwords or financial information from the nearly 50 million records and accounts had been compromised.
T-Mobile also confirmed that about 850,000 of its active prepaid customer names, phone numbers and account PINs had been exposed. The company said it had proactively reset all the PINs on those accounts. It said Metro by T-Mobile, Boost and former Sprint prepaid customers did not have their names or PINs exposed.
The company first announced its discovery of the “unauthorized access” to its data Monday. It said it immediately began investigating the claims and brought in “world-leading cybersecurity experts” to help. The company said it located and immediately closed the access point that it believed was used to illegally access the servers.
T-Mobile said it was taking immediate steps to help protect everyone who may be at risk from the cyberattack and was offering everyone affected two years of free identity protection services. Company officials recommended all their postpaid customers proactively change their PINs.
The company said it would publish a unique web page Wednesday with information about how customers can further protect themselves. It said the investigation was continuing. (VOA)