T-Mobile data breach hit 47.8 million accounts, most not current customers

Posted:
in General Discussion
Of the total 47.8 million people whose data was stolen in the T-Mobile server attack, more than 40 million of them are former and prospective T-Mobile customers -- and the company claims no financial information was compromised.

T-Mobile
T-Mobile


Following the reported hack of T-Mobile where information regarding 100 million customers was stolen, the company has issued a preliminary report. Saying that it's investigation is "urgently" continuing, the "Additional Information" report reveals that more users were affected than previously believed.

"Our preliminary analysis is that approximately 7.8 million current T-Mobile postpaid customer accounts' information appears to be contained in the stolen files," says the company in the report, "as well as just over 40 million records of former or prospective customers who had previously applied for credit with T-Mobile."

T-Mobile says that on learning of the attack, it "located and immediately closed the access point" that its security experts "believe was used to illegally gain entry to our servers."

"[We] have now been able to confirm that the data stolen from our systems did include some personal information," say the company. "Some of the data accessed did include customers' first and last names, date of birth, SSN, and driver's license/ID information for a subset of current and former postpay customers and prospective T-Mobile customers."

T-Mobile repeatedly stresses that it has "no indication that the data... included any customer financial information, credit card information, debit or other payment information."

The company says that is cooperating with law enforcement, and that it has implemented measures "to help protect all of the individuals who may be at risk from this cyberattack."

Those measures include offering two years of free identity protection services using the McAffee Theft Protection Service. T-Mobile has also recommending that postpaid customers change their PIN, while it has already "proactively reset" all PINs on pre-paid accounts.

This cyberattack is believed to be the largest it has suffered. In 2018, data from two million customers was stolen, which was followed by a further hack in 2019.

Read on AppleInsider

Comments

  • Reply 1 of 9
    How about pin codes? 
  • Reply 2 of 9
    Yeah no credit or debit information was taken because that would be the easiest out of all the info stolen to change… Idiots. 
    watto_cobra
  • Reply 3 of 9
    Having been a former prepay T-Mobile customer, I never had to go through any credit check, so no need to provide my SSN, DOB, or drivers license info.  Hopefully, my payment info was encrypted…
    watto_cobra
  • Reply 4 of 9
    "[We] have now been able to confirm that the data stolen from our systems did include some personal information," say the company. "Some of the data accessed did include customers' first and last names, date of birth, SSN, and driver's license/ID information for a subset of current and former postpay customers and prospective T-Mobile customers."

    T-Mobile repeatedly stresses that it has "no indication that the data... included any customer financial information, credit card information, debit or other payment information."
    Oh, gee. No credit card or debit card information. How comforting. Just full names, dates of birth and SSNs, the information necessary for identity theft.
    GeorgeBMacwatto_cobra
  • Reply 5 of 9
    GeorgeBMacGeorgeBMac Posts: 11,421member
    TomPMRI said:
    Having been a former prepay T-Mobile customer, I never had to go through any credit check, so no need to provide my SSN, DOB, or drivers license info.  Hopefully, my payment info was encrypted…

    I've found the best way to safeguard payment sources is to activate "alerts" on it so you get a text message whenever a transaction happens.   I get a text within seconds or minutes of a transaction.  My card(s) haven't been hacked for several years -- but the last time they did, that is how I identified it and was able to report a fraudulent transaction almost immediately.

    (Of course you could just cancel the card or account and get a new one)
  • Reply 6 of 9
    TomPMRI said:
    Having been a former prepay T-Mobile customer, I never had to go through any credit check, so no need to provide my SSN, DOB, or drivers license info.  Hopefully, my payment info was encrypted…
    That’s because you prepaid. So no credit needed.
    watto_cobra
  • Reply 7 of 9
    GeorgeBMacGeorgeBMac Posts: 11,421member
    I find two things most disturbing about this:
    1)  I have only seen a single instance of it being mentioned in the media (except for here at ai).   Why did this not get more attention?  Is it now normal?

    2)  T-Mobile will suffer no consequences for letting our data be hacked.  None.   Certainly nothing of consequence.   The worst that could happen would be they would have to offer a year of credit reporting -- which is really nothing more than a free trial to get you sucked in.

    This is a national problem -- if you steal something or allow something to be stolen you are responsible for it.  If I leave my car at a garage, I expect it won't be stolen and, if it is, I would hold the garage responsible.  But these big players suffer no consequences -- so they have little incentive to protect our data.
  • Reply 8 of 9
    GeorgeBMacGeorgeBMac Posts: 11,421member
    From Reuters:
    "

    U.S. telecoms agency to probe T-Mobile data breach

    "Telecommunications companies have a duty to protect their customers’ information. The FCC is aware of reports of a data breach affecting T-Mobile customers and we are investigating," an FCC spokesperson told Reuters."

    This is outstanding!

    watto_cobra
  • Reply 9 of 9
    GeorgeBMacGeorgeBMac Posts: 11,421member
    Just an update on why the government may be looking at this:   It's not because T-Mobile customers suffered potential harm.  Rather, it has potential national security issues because, with the IMEI number and names & addresses Hackers can track specific phones back to specific people -- including those involved in national security.
Sign In or Register to comment.