T-Mobile data breach: New information uncovered by the investigation

In the wake of the recent claims that T-Mobile U.S. has suffered a massive data breach and the consequent industry reactions, the company has shared additional information its internal investigation has uncovered.

T-Mobile data breach information

What the investigation has discovered so far

T-Mobile said that the they’ve started the investigation after being notified last week of claims made in an online forum that a bad actor had compromised their systems.

They brought in outside experts to help with the investigation and located and closed the access point that they believe was used to gain entry to their servers.

“Yesterday, we were able to verify that a subset of T-Mobile data had been accessed by unauthorized individuals. We also began coordination with law enforcement as our forensic investigation continued,” T-Mobile explained.

They confirmed that data stolen from their systems did include some personal information, but there is no indication that the data contained in the stolen files included customer financial or payment information.

The stolen files contain approximately 7.8 million current T-Mobile postpaid customer accounts’ information and over 40 million records of former or prospective customers who had previously applied for credit with T-Mobile. These files do not include phone numbers, account numbers, PINs, passwords, or financial information.

“At this time, we have also been able to confirm approximately 850,000 active T-Mobile prepaid customer names, phone numbers and account PINs were also exposed. We have already proactively reset ALL of the PINs on these accounts to help protect these customers, and we will be notifying accordingly right away. No Metro by T-Mobile, former Sprint prepaid, or Boost customers had their names or PINs exposed,” they added.

“We have also confirmed that there was some additional information from inactive prepaid accounts accessed through prepaid billing files. No customer financial information, credit card information, debit or other payment information or SSN was in this inactive file.”

What should affected customers do?

These are only the initial findings, and the extent of the data compromise could end up being wider.

In the meantime, affected individuals will receive 2 years of free identity protection services.

T-Mobile is recommending all T-Mobile postpaid customers to proactively change their PIN (even though there is no indication that those have been compromised), and will be offering an extra step to protect customers’ mobile account, to make it “harder for customer accounts to be fraudulently ported out and stolen.”

UPDATE (August 21, 2021, 01:30 a.m. PT):

T-Mobile has updated the document delineating the extent of the breach, and the initial numbers of affected customers have gone up.

Don't miss