T-Mobile confirms data breach involving more than 48m people
T-MOBILE US
$235.61
12:50 15/11/24
T-Mobile US updated its customers and the market on a “highly sophisticated” cyberattack against its systems on Wednesday, reporting that more than 48 million current, former and prospective customers had their data stolen.
Nasdaq 100
20,394.13
12:15 15/11/24
The Nasdaq-listed United States cellular carrier said it was informed of claims made in an online forum last week, that a “bad actor” had compromised its systems, and immediately began an “exhaustive” investigation.
It said it located and “immediately closed” the access point that it believed was used to gain entry to its servers, and was able to verify on Tuesday that a subset of data had been accessed by “unauthorised individuals”.
It also began coordination with law enforcement as its forensic investigation continued.
“We have no indication that the data contained in the stolen files included any customer financial information, credit card information, debit or other payment information,” T-Mobile said in its statement.
It said some of the data accessed did include the first and last names of customers, as well as their dates of birth, social security numbers, and driver’s licence or ID information, for a “subset” of current and former postpaid customers, as well as “prospective” T-Mobile customers.
“Our preliminary analysis is that approximately 7.8 million current T-Mobile postpaid customer accounts’ information appears to be contained in the stolen files, as well as just over 40 million records of former or prospective customers who had previously applied for credit with T-Mobile.”
It said that no phone numbers, account numbers, PINs, passwords, or financial information was compromised in any of the files.
“As a result of this finding, we are taking immediate steps to help protect all of the individuals who may be at risk from this cyberattack.”
T-Mobile said it would communicate with customers “shortly”, offering them two years of identity protection services, and recommending all postpaid customers proactively change their PIN.
It said it would also offer an extra layer of protection from account takeovers, making it more difficult for accounts to be fraudulently ported out of its network and stolen.
“At this time, we have also been able to confirm approximately 850,000 active T-Mobile prepaid customer names, phone numbers and account PINs were also exposed.
“We have already proactively reset ALL of the PINs on these accounts to help protect these customers, and we will be notifying accordingly right away.”
It said the names and PINs of prepaid customers of its sub-brand Metro by T-Mobile, as well former Sprint prepaid and Boost customers, were exposed.
“We have also confirmed that there was some additional information from inactive prepaid accounts accessed through prepaid billing files.
“No customer financial information, credit card information, debit or other payment information or social security numbers were in this inactive file.”
T-Mobile US said the forensic investigation into the breach of cybersecurity was ongoing.
At 0956 EDT (1456 BST), shares in T-Mobile US were up 0.43% at $141.27.