T-Mobile hack sees 40,000,000 people’s details stolen in data breach

T-Mobile is Warning that a data breach has exposed the names, date of birth, Social Security number and driver’s license/ID information of more than 40 million current, former or prospective customers who applied for credit with the company. Get Secured Now with Norton 360

T-mobile data breach

The third-largest mobile carrier in the US has suffered a massive data breach (Picture: Getty Images)

T-Mobile has confirmed a major data breach led to the theft of personal information from 40 million current and former customers.

The US’ third-largest mobile carrier said the stolen information includes people’s names, driver’s licence information and social security numbers, but there was ‘no indication’ any financial details were leaked.

The breach was only discovered after attempts by hackers to sell the database online were reported in the press.

It appears to affect US customers. The T-Mobile UK brand was rebranded as EE in 2012 and is now owned by BT, who have not announced any data leaks.

A subset of the data containing 30 million social security numbers and driver’s licenses was being sold for 6 bitcoin (£200,000) on a hacking forum on Sunday, Vice News’ Motherboard reported.

The seller was said to have claimed they were selling the rest of the data privately.

‘Preliminary analysis’ showed around 7.8 million current T-Mobile customer accounts’ information was contained in the stolen files, the company said.

It also included 40 million records of former or prospective customers who had previously applied for credit with the company.

T-mobile data breach

The hack has affected tens of millions of current and former customers (Picture: Getty Images)

In a statement, T-Mobile said ‘no phone numbers, account numbers, PINs, passwords, or financial information were compromised in any of these files of customers or prospective customers’.

‘As a result of this finding, we are taking immediate steps to help protect all of the individuals who may be at risk from this cyberattack.’

However, some 850,000 active customers’ names, phone numbers and account PINs were ‘exposed’, it added.

The company has taken a number of steps to address the breach, including resetting PINs on affected accounts and offering 2 years of free third-party identity protection services.

The statement concluded: ‘We take our customers’ protection very seriously and we will continue to work around the clock on this forensic investigation to ensure we are taking care of our customers in…