Over the weekend, a hacker claimed to have stolen personal data from upwards of 100 million T-Mobile customers. Motherboard reported that the hacker was attempting to sell a chunk of that data for 6 bitcoin (~$270,000). The next day, the carrier confirmed the report, but didn’t offer any details. But in a news release on Tuesday, T-Mobile provided an update on the data breach that painted a much less dire picture than the original report for affected customers.
T-Mobile says that it was first made aware of a hacker claiming to have compromised its servers last week. The carrier began investigating the claims, and “immediately closed the access point” that the hacker used to access its servers. T-Mobile was then able to verify that a subset of its data had been seen by hackers. Some of that data contained personal information.
The bad news is that some of the data included customers’ first and last names, dates of birth, SSNs, and driver’s license or ID information. The good news is that the carrier found no indication that any of the data included credit card numbers or any other payment information.
T-Mobile’s update on the latest data breach
Here are a few of the key findings that T-Mobile shared with its customers in the news release:
Our preliminary analysis is that approximately 7.8 million current T-Mobile postpaid customer accounts’ information appears to be contained in the stolen files, as well as just over 40 million records of former or prospective customers who had previously applied for credit with T-Mobile. Importantly, no phone numbers, account numbers, PINs, passwords, or financial information were compromised in any of these files of customers or prospective customers.
T-Mobile is taking several steps to protect the people that might be at risk due to this hack. First, the carrier is giving away two years of free identity protection with McAfee’s ID Theft Protection Service. The Un-carrier also recommends that all postpaid customers change their PIN. You can do so from your T-Mobile account or by dialing 611 on your phone.
Additionally, Account Takeover Protection should make it harder to steal accounts. And finally, there will be a new page on T-Mobile’s site with information and solutions regarding the breach.
Near the end of the release, T-Mobile reveals a very important piece of information. The hack exposed the names, phone numbers, and account PINs of around 850,000 active T-Mobile prepaid customers. T-Mobile has already reset those PINs, and customers should receive an alert soon.