T-Mobile stated in a statement on Wednesday morning that a security compromise had exposed the personal information of more than 40 million subscribers, including social security numbers (SSNs) and pins in certain circumstances.
The same data appears to have been exposed for roughly 7.8 million existing T-Mobile post-paid users. According to the company, no phone numbers, account numbers, pins, passwords, or financial information from almost 50 million records and accounts was stolen.
T-Mobile also stated that the names, phone numbers, and account pins of roughly 850,000 active T-Mobile prepaid customers were exposed. The business stated that it reset all of the pins on those accounts on a proactive basis. There were no names or pins disclosed for Metro by T-Mobile, previously Sprint prepaid, or Boost subscribers.
Customers' first and last names, dates of birth, and driver's license information pertaining to current and past postpaid customers have also been documented stolen.
The billing fees of inactive prepaid accounts also disclosed certain information that the firm did not mention. These files did not contain any financial or social security information about the users.
The company, which reached 100 million members in November, disclosed the findings of an inquiry two days earlier when they verified accusations that their data had been "illegally accessed."
The firm stated on Monday that it is "confident" that the point of entry for the hacking has been shut off. T-Mobile has been contacted by The Guardian for comment on whether or not this is true.
To safeguard the security of its clients' personal information, the firm has provided two years of free identity protection services.
The business is working with law enforcement agencies as the investigation continues, according to the statement.
After purchasing rival Sprint, T-Mobile, located in Bellevue, Washington, became one of the country's biggest cellular service carriers, alongside AT&T and Verizon.
T-Mobile has already revealed a number of data breaches, including one in November 2019 and another in August 2018, both of which included illegal access to user data. Hackers acquired personal information from the credit reporting firm Experian in 2015, which they got from T-Mobile phone customers and potential customers in the United States.