Earlier this week, reports emerged suggesting that one of the world’s largest networks carriers T-Mobile was hacked. Now, the information has been confirmed by the giant of telecommunications. The new report, however, differs from claims made by the hacker. But still, the company now admits that over 47.8 million records were taken. The most shocking bit is that this does not only involves customers. If you have ever applied for a T-Mobile account you could be at risk. Even if you never opened this account.
According to T-Mobile, the personal data includes both social security numbers and driver’s license details for “a subset” of people” along with account PINs for some users.
How did this start?
Back last Monday, a hacker began offering for sale personal data from T-Mobile customers. That’s a pretty common behavior when big companies had their data stolen. The hacker claimed that it had data from 100 million T-Mobile customers in the United States, and he has stated that this means full records for each customer.
The info was shared on a forum post that didn’t mention T-Mobile, however, the seller told Motherboard they have obtained data related to over 100 million people, and that the data came from T-Mobile Servers.
Motherboard has seen samples of the stolen data, and they did confirm that it contained accurate information on T-Mobile customers. The data includes names, Social security numbers, phone numbers, physical addresses, unique IMEI numbers, and driver’s license information.
Previously, T-Mobil said it couldn’t confirm or deny the privacy failure. However, it later decided to confirm that unauthorized access had occurred and that it was investigating what was accessed. Now the Telecom giant made the following statement:
“The investigation is still underway and we continue to learn additional details. However, we have now been able to confirm that the data stolen from our systems did include some personal information. We have no indication that the data contained in the stolen files included any customer financial information, credit card information, debit, or other payment information.
Some of the data accessed did include customers’ first and last names, date of birth, SSN, and driver’s license/ID information for a subset of current and former postpay customers and prospective T-Mobile customers.
Our preliminary analysis is that approximately 7.8 million current T-Mobile postpaid customer accounts’ information appears to be contained in the stolen files, as well as just over 40 million records of former or prospective customers who had previously applied for credit with T-Mobile. Importantly, no phone numbers, account numbers, PINs, passwords, or financial information were compromised in any of these files of customers or prospective customers.”
According to 9to5Mac, T-Mobile also confirmed that approximately 850,000 active T-Mobile prepaid customer names, phone numbers, and account PINs were also exposed. The Telecom giant has reset all of the PINs on these accounts to protect these customers. The company will notify them accordingly in the coming days. Worth noting that none of the company’s subsidiaries such as Metro, Sprint, or Boost customers had their names or PINs exposed.
T-Mobile is effectively trying to bring some relief to the situation. Telecom states that no financial data or passwords were obtained. However, the case still is very worrisome as users can have their identity theft through the leaked info. The company acknowledges this by offering two years of protection.
The carrier will contact users that have been affected by the privacy failure. The list of affected customers can include current, past customers, and even those who ever applied for a T-Mobile plan. Even those that had applications declined or that changed their mind before the account’s activation.
We’ll be following the case closely in the coming days.