T-Mobile Says 40+ Million Customers Affected by Cyberattack, Confirms Data Exposed

Remember when we told you earlier in the week that T-Mobile admitted to a serious cyberattack on their systems that potentially exposed millions of customer accounts, personal data, and more? Today, the company is sharing more details, including how many customers they believe are affected.

T-Mobile says it is still investigating the entire situation, but they can confirm that 7.8 million postpaid customers and over 40 million prospective customers, who had “previously applied for credit with T-Mobile,” had their account information accessed. While no financial information was taken, there was a lot of other data exposed.

Of those 40+ million, the hackers were able to access first and last names of customers, date of birth, social security numbers (SSN), and driver’s license and ID information. The information did not include phone numbers, account numbers, PINS or passwords, or financial info, but yeah, the SSN and date of birth and ID stuff is pretty serious.

In addition to those millions of customers, T-Mobile says that 850,000 active prepaid customers had names, phone numbers, and account PINs exposed. “Some” information was also taken for inactive prepaid customers, but no financial info, credit card info, or SSN stuff was in those inactive files.

T-Mobile plans to contact affected customers shortly and is offering the following protections:

• Immediately offering 2 years of free identity protection services with McAfee’s ID Theft Protection Service.
• Recommending all T-Mobile postpaid customers proactively change their PIN by going online into their T-Mobile account or calling our Customer Care team by dialing 611 on your phone. This precaution is despite the fact that we have no knowledge that any postpaid account PINs were compromised.
• Offering an extra step to protect your mobile account with our Account Takeover Protection capabilities for postpaid customers, which makes it harder for customer accounts to be fraudulently ported out and stolen.
• Publishing a unique web page later on Wednesday for one stop information and solutions to help customers take steps to further protect themselves.

Good grief.

If you are a T-Mobile customer, you should probably go reset some passwords and PINs and be on the lookout for an email.