T-Mobile finally revealed the official details about the recent cyberattack against their telecommunications systems. The company confirmed that about 8.6 million active users and their personal information were exposed during the attack. The tech giant also provided additional information on how to secure an active account.
A few days ago, a hacker posted on an underground forum to sell a subset data of 30 million driver's licenses and social security numbers for six Bitcoins, estimated close to $280,000. The data was allegedly stolen from T-Mobile servers.
When asked about the data, the seller said that T-Mobile might have noticed their presence because the backdoor servers they used were closed down. However, the seller emphasized that the transaction would not be impacted because they had the data backed up locally through external hard drives.
After an urgent investigation, the American telecommunications provider confirmed the data breach on Tuesday, August 17.
T-Mobile Data Breach: 8.6 Million Active Customers Exposed
After they were notified of the breach, T-Mobile said that their team brought in world-leading cybersecurity experts to patch up their systems. First, they closed the access point used for illegal entry to their servers.
T-Mobile verified that a subset of data from their servers were accessed by unauthorized individuals. They coordinated with forensic investigation and law enforcement teams to search for these hackers.
The company said that they are unable to verify stolen data files, including: customer financial information, credit card information, debit card information, and other payment information.
On the other hand, the company verfied that data accessed includes: customers' first and last names, date of birth, Social Security Number (SSN), and driver's license/ID information.
The data stolen came from a subset of both current and former postpay customers of T-Mobile. Some prospective T-Mobile customers who have pre-registered their information in the system might also have their data exposed.
A total of 7.8 million T-Mobile postpaid customer accounts (active) were stolen in the data breach, alongside the 40 million records of former and prospective customers who previously applied for credit with T-Mobile. For this subset, no phone numbers, account numbers, PINs, passwords, or financial information were stolen.
On the other hand, 850,000 T-Mobile prepaid customer accounts (active) were stolen in the data breach. This subset had their names, phone numbers, and account PINs exposed. T-Mobile said that they have proactively reset all PINs for these accounts to protect their customers.
No Metro (former Sprint prepaid) or Boost customer data had been exposed in the breach.
T-Mobile Offers Security Tips and Protection Services for Free
The telecommunications provider also took new security measures to protect their customer data. T-Mobile customers might soon receive offers like:
- Two years of free identity protection services with McAfee's ID Theft Protection Service
- Recommendation to change account PIN by calling Customer Care team or dialing 611
- Account Takeover Protection services for postpaid customers
- A unique web page for "one stop information and solutions" to improve account security
While T-Mobile is doing its best to compromise the recent data breach, mobile users are recommended to stay vigilant against other hacking attempts.
Related Article: Should You Buy iPhone 12 Now? 4 Reasons You Should Wait For iPhone 13 Instead!