Data From Millions Stolen In T-Mobile Breach

BELLEVUE, WA — Personal information for more than 40 million people was compromised during a "highly sophisticated cyberattack" targeting T-Mobile, the company announced Wednesday. The Bellevue-based telecom said it became aware of the potential breach late last week and quickly closed an access point that was compromised.

An ongoing investigation revealed names, social security numbers, driver's license information and other personal details were exposed in the breach, but the company said there were no signs that customers' financial records or credit card information were accessed. T-Mobile is the second-largest wireless provider in the United States, with more than 100 million customers across the nation.

"Our preliminary analysis is that approximately 7.8 million current T-Mobile postpaid customer accounts' information appears to be contained in the stolen files, as well as just over 40 million records of former or prospective customers who had previously applied for credit with T-Mobile," the company said. "Importantly, no phone numbers, account numbers, PINs, passwords, or financial information were compromised in any of these files of customers of prospective customers."

Additionally, T-Mobile said approximately 850,000 active prepaid customers had their names, phone numbers and account PINs exposed. While the investigation continues, working in conjunction with law enforcement and cybersecurity experts, T-Mobile said it was taking several steps to help protect customers, including:

• Immediately offering 2 years of free identity protection services with McAfee’s ID Theft Protection Service.
• Recommending all T-Mobile postpaid customers proactively change their PIN by going online into their T-Mobile account or calling our Customer Care team by dialing 611 on your phone. This precaution is despite the fact that we have no knowledge that any postpaid account PINs were compromised.
• Offering an extra step to protect your mobile account with our Account Takeover Protection capabilities for postpaid customers, which makes it harder for customer accounts to be fraudulently ported out and stolen.
• Publishing a unique web page later on Wednesday for one stop information and solutions to help customers take steps to further protect themselves.

According to the Associated Press, T-Mobile's latest breach is well beyond the scope of previous incidents, including one in January and others in 2019 and 2018.