A massive security breach at T-Mobile has exposed the personal private data of nearly 50million T-Mobile customers and prospects, including social security numbers and drivers license numbers. And it doesn’t matter whether you are a current, past, or even prospective customer of T-Mobile, your data has been compromised. By “prospective” we mean someone who has applied for an account with T-Mobile even if they never actually signed up. And that is because the T-Mobile data breach includes those social security numbers which are, of course, required for just about every service that is going to extend credit to you.
According to CNN, “The breach affects as many as 7.8 million postpaid subscribers, 850,000 prepaid customers and ‘just over’ 40 million past or prospective customers who have applied for credit with T-Mobile, the company said in a post on its website. While no customer financial information appears to have been exposed, the stolen personal information includes names, dates of birth, Social Security numbers and driver’s license numbers for ‘a subset of current and former postpay customers and prospective T-Mobile customers.'”
Let’s unpack that “40 million past or prospective customers who have applied for credit with T-Mobile” a bit. As some experts are already pointing out, just why was T-Mobile hanging on to the sensitive data of past customers, and even people who had never even become customers??
As Wired points out, “The bigger question, though, is whether T-Mobile really needed to hold onto such sensitive information from 40 million people with whom it doesn’t currently do businesses. Or if the company was going to stockpile that data, why it didn’t take better precautions to protect it.”
Here’s what T-Mobile themselves said about the breach, in a statement about the breach posted on the T-Mobile site yesterday, August 17, 2021:
Full T-Mobile Statement about August 2021 Hack and Data Breach
As we shared yesterday, we have been urgently investigating the highly sophisticated cyberattack against T-Mobile systems, and in an effort to keep our customers and other stakeholders informed we are providing the latest information we have on this event and some additional details:
Late last week we were informed of claims made in an online forum that a bad actor had compromised T-Mobile systems. We immediately began an exhaustive investigation into these claims and brought in world-leading cybersecurity experts to help with our assessment.
We then located and immediately closed the access point that we believe was used to illegally gain entry to our servers.
The Internet Patrol is completely free, and reader-supported. Your tips via CashApp, Venmo, or Paypal are appreciated! Receipts will come from ISIPP.
Yesterday, we were able to verify that a subset of T-Mobile data had been accessed by unauthorized individuals. We also began coordination with law enforcement as our forensic investigation continued.
While our investigation is still underway and we continue to learn additional details, we have now been able to confirm that the data stolen from our systems did include some personal information.
We have no indication that the data contained in the stolen files included any customer financial information, credit card information, debit or other payment information.
Some of the data accessed did include customers’ first and last names, date of birth, SSN, and driver’s license/ID information for a subset of current and former postpay customers and prospective T-Mobile customers.
Our preliminary analysis is that approximately 7.8 million current T-Mobile postpaid customer accounts’ information appears to be contained in the stolen files, as well as just over 40 million records of former or prospective customers who had previously applied for credit with T-Mobile. Importantly, no phone numbers, account numbers, PINs, passwords, or financial information were compromised in any of these files of customers or prospective customers.
As a result of this finding, we are taking immediate steps to help protect all of the individuals who may be at risk from this cyberattack. Communications will be issued shortly to customers outlining that T-Mobile is:
Immediately offering 2 years of free identity protection services with McAfee’s ID Theft Protection Service.
Recommending all T-Mobile postpaid customers proactively change their PIN by going online into their T-Mobile account or calling our Customer Care team by dialing 611 on your phone. This precaution is despite the fact that we have no knowledge that any postpaid account PINs were compromised.
Offering an extra step to protect your mobile account with our Account Takeover Protection capabilities for postpaid customers, which makes it harder for customer accounts to be fraudulently ported out and stolen.
Publishing a unique web page later on Wednesday for one stop information and solutions to help customers take steps to further protect themselves.
At this time, we have also been able to confirm approximately 850,000 active T-Mobile prepaid customer names, phone numbers and account PINs were also exposed. We have already proactively reset ALL of the PINs on these accounts to help protect these customers, and we will be notifying accordingly right away. No Metro by T-Mobile, former Sprint prepaid, or Boost customers had their names or PINs exposed.
We have also confirmed that there was some additional information from inactive prepaid accounts accessed through prepaid billing files. No customer financial information, credit card information, debit or other payment information or SSN was in this inactive file.
We take our customers’ protection very seriously and we will continue to work around the clock on this forensic investigation to ensure we are taking care of our customers in light of this malicious attack. While our investigation is ongoing, we wanted to share these initial findings even as we may learn additional facts through our investigation that cause the details above to change or evolve.