T-Mobile hack sees 40,000,000 people’s details stolen in data breach
T-Mobile has confirmed a major data breach led to the theft of personal information from 40 million current and former customers.
The US’ third-largest mobile carrier said the stolen information includes people’s names, driver’s licence information and social security numbers, but there was ‘no indication’ any financial details were leaked.
The breach was only discovered after attempts by hackers to sell the database online were reported in the press.
It appears to affect US customers. The T-Mobile UK brand was rebranded as EE in 2012 and is now owned by BT, who have not announced any data leaks.
A subset of the data containing 30 million social security numbers and driver’s licenses was being sold for 6 bitcoin (£200,000) on a hacking forum on Sunday, Vice News’ Motherboard reported.
The seller was said to have claimed they were selling the rest of the data privately.
‘Preliminary analysis’ showed around 7.8 million current T-Mobile customer accounts’ information was contained in the stolen files, the company said.
It also included 40 million records of former or prospective customers who had previously applied for credit with the company.
In a statement, T-Mobile said ‘no phone numbers, account numbers, PINs, passwords, or financial information were compromised in any of these files of customers or prospective customers’.
‘As a result of this finding, we are taking immediate steps to help protect all of the individuals who may be at risk from this cyberattack.’
However, some 850,000 active customers’ names, phone numbers and account PINs were ‘exposed’, it added.
The company has taken a number of steps to address the breach, including resetting PINs on affected accounts and offering 2 years of free third-party identity protection services.
The statement concluded: ‘We take our customers’ protection very seriously and we will continue to work around the clock on this forensic investigation to ensure we are taking care of our customers in…