T-Mobile has confirmed that a data breach has exposed the data of around 48 million of its customers in the US.
According to the telecoms company, the breach includes personal information, including first and last names, dates of birth and driver’s licence information, along with social security numbers (SSN) and PINs.
Around 7.8 million current T-Mobile customers had their data exposed, with the other 40 million being former or prospective customers. T-Mobile said that it had reset the PINs on the affected accounts as a precaution.
At present, the breach appears to have been confined to the US with no UK customers affected.
The T-Mobile breach started this week after an anonymous individual on a hacker forum claimed to have accessed data on 100 million of the telecoms company’s customers.
They also said that they had begun selling the stolen information. The person was charging six bitcoins (£194,000) to access the data.
This post alerted the company to its compromised systems, leading to the investigation alongside cybersecurity experts.
With T-Mobile boasting 100 million US customers as of November last year, the breach represents a significant share of the company’s customer base. The revelations come after a two-day investigation.
T-Mobile has since said that they have secured their systems since the breach. However, it failed to specify how the hacker was able to access its systems, claiming only that the cyberattack was “highly sophisticated”.
In addition, the company has offered its customers two years of identity protection services for free.
T-Mobile said it is working with law enforcement agencies. The US Federal Communications Commission (FCC) has since stated that it will investigate the breach.
- The Spy Who Loved Me – How Apple are failing stalkerware victims
- Twitter to test report function for ‘misleading’ content
- UK technology adoption sees fastest-ever rise
“As a result of this finding, we are taking immediate steps to help protect all of the individuals who may be at risk from this cyberattack. Communications will be issued shortly to customers,” the company said in a statement.
In addition, T-Mobile is recommending customers proactively change their PIN. “This precaution is despite the fact that we have no knowledge that any postpaid account PINs were compromised,” the company added.
The company has created a website to provide information and solution for all affected customers.
“We take our customers’ protection very seriously and we will continue to work around the clock on this forensic investigation to ensure we are taking care of our customers in light of this malicious attack.
“While our investigation is ongoing, we wanted to share these initial findings even as we may learn additional facts through our investigation that cause the details above to change or evolve.”