T-Mobile says hackers stole records belonging to 48.6 million individuals

T-Mobile has confirmed that attackers who recently breached its servers stole files containing the personal information of tens of millions of individuals.

The massive breach impacts roughly 7.8 million T-Mobile postpaid customers, 850,000 T-Mobile prepaid users, and approximately 40 million former or prospective ones.

Adding it all up, the attackers stole records belonging to 48.6 million individuals, including current, former, or prospective T-Mobile customers.

"Importantly, no phone numbers, account numbers, PINs, passwords, or financial information were compromised in any of these files of customers or prospective customers," T-Mobile said.

"Some of the data accessed did include customers’ first and last names, date of birth, SSN, and driver’s license/ID information for a subset of current and former postpay customers and prospective T-Mobile customers."

Luckily, according to the US mobile carrier, the file stolen during the incident did not contain phone numbers, account numbers, PINs, passwords, or financial information belonging to current or prospective T-Mobile customers.

Account PINs reset for 850K prepaid customers

"At this time, we have also been able to confirm approximately 850,000 active T-Mobile prepaid customer names, phone numbers and account PINs were also exposed," the carrier added.

"We have also confirmed that there was some additional information from inactive prepaid accounts accessed through prepaid billing files."

T-Mobile has already reset all the PINs for these accounts to protect them from takeover attempts and is in the process of notifying all impacted users.

The company is now taking steps to protect customers potentially at risk following this massive breach by:

• Immediately offering 2 years of free identity protection services with McAfee’s ID Theft Protection Service.
• Recommending all T-Mobile postpaid customers proactively change their PIN by going online into their T-Mobile account or calling our Customer Care team by dialing 611 on your phone. This precaution is despite the fact that we have no knowledge that any postpaid account PINs were compromised.
• Offering an extra step to protect your mobile account with our Account Takeover Protection capabilities for postpaid customers, which makes it harder for customer accounts to be fraudulently ported out and stolen.
• Publishing a unique web page later on Wednesday for one stop information and solutions to help customers take steps to further protect themselves.

Sixth data breach in less than four years

T-Mobile partially confirmed the claims of a threat actor who was selling a database allegedly containing the data for approximately 100 million T-Mobile customers, stolen in a massive server breach.

Attackers can use customer information stolen in this attack for SIM swapping attacks, allowing them to take over other online accounts belonging to the victims.

All T-Mobile customers should now be on the lookout for any suspicious emails or text messages pretending to be from T-Mobile.

If you receive one, do not click any embedded links as attackers could use them to harvest credentials.

This is the sixth major data breach suffered by T-Mobile during the last four years:

• In 2018, info belonging to millions of T-Mobile customers was accessed by hackers.
• In 2019, T-Mobile exposed prepaid customers' data.
• In March 2020, hackers gained access to T-Mobile employees' email accounts.
• In December 2020, hackers accessed exposed customer proprietary network information (phone numbers, call records).
• In February 2021, threat actors targeted up to 400 customers in SIM swap attacks after gaining access to an internal T-Mobile application.