7.8 million active T-Mobile postpaid accounts had personal data stolen during last week’s data breach
No Metro by T-Mobile customers, former Sprint prepaid subscribers, and Boost Mobile users had their names or PIN numbers exposed. While T-Mobile said that it would publish an online portal for potential victims, as of Wednesday afternoon the portal had not been spotted.
Some of the data accessed did include customers’ first and last names, date of birth, SSN, and driver’s license/ID information for a subset of current and former postpay customers and prospective T-Mobile customers.
Our preliminary analysis is that approximately 7.8 million current T-Mobile postpaid customer accounts’ information appears to be contained in the stolen files, as well as just over 40 million records of former or prospective customers who had previously applied for credit with T-Mobile. Importantly, no phone numbers, account numbers, PINs, passwords, or financial information were compromised in any of these files of customers or prospective customers.”
T-Mobile recommends that postpaid account holders reset their PIN number
As we already mentioned, T-Mobile already reset PIN numbers for prepaid subscribers. It recommends that postpaid subscribers change their PIN numbers. T-Mobile says that it found an access point that was used by the attackers to break into the company’s servers and patched it. The company called the data breach “a highly sophisticated cyberattack,” and a person who claims to know the identity of the attacker explained how it went down.
While our investigation is ongoing, we wanted to share these initial findings even as we may learn additional facts through our investigation that cause the details above to change or evolve.”