T-Mobile hit with “highly sophisticated cyberattack”

Over 40 million T-Mobile users have been affected by a data breach. The company responded in a statement given on its official website saying “we have been urgently investigating the highly sophisticated cyberattack against T-Mobile systems.”

The company has said it’s taking “immediate steps to help protect all of the individuals who may be at risk from this cyberattack.” In response to this massive attack T-Mobile has promised to give customers up to “2 years of free identity protection services with McAfee’s ID Theft Protection Service,” and they recommend “all T-Mobile postpaid customers [to] proactively change their PIN by going online into their T-Mobile account or calling [their] Customer Care team by dialing 611 on [their] phone. This precaution is despite the fact that [they (T-Mobile)] have no knowledge that any postpaid account PINs were compromised.”

They are also offering an extra step “to protect your mobile account with [their] Account Takeover Protection capabilities for postpaid customers, which makes it harder for customer accounts to be fraudulently ported out and stolen,” and they will be “publishing a unique web page later on Wednesday for one stop information and solutions to help customers take steps to further protect themselves,” the statement added.

T-Mobile had found out about the breach through an online forum where claims were made that a “bad actor had compromised T-Mobile systems,” and user data was being sold. After investigating they found out that the claims were true and “immediately closed the access point that [they] believe was used to illegally gain entry to [their] servers.”

The company revealed that the stolen files included the “customers’ first and last names, date of birth, social security number, and driver’s license/ID information for a subset of current and former postpay customers and prospective T-Mobile customers,” they said. So far in their investigation they have not found a breach of customers’ financial information, credit card information, debit or other payment information.

“Our preliminary analysis is that approximately 7.8 million current T-Mobile postpaid customer accounts’ information appears to be contained in the stolen files, as well as just over 40 million records of former or prospective customers who had previously applied for credit with T-Mobile. Importantly, no phone numbers, account numbers, PINs, passwords, or financial information were compromised in any of these files of customers or prospective customers,” they added.

They also confirmed that about 850,000 active customers’ names, phone numbers, account PINs were also exposed, and they have “proactively” reset all of the PINs on the exposed accounts.

“At this time, we have also been able to confirm approximately 850,000 active T-Mobile prepaid customer names, phone numbers and account PINs were also exposed. We have already proactively reset ALL of the PINs on these accounts to help protect these customers, and we will be notifying accordingly right away. No Metro by T-Mobile, former Sprint prepaid, or Boost customers had their names or PINs exposed,” they went on.

“We have also confirmed that there was some additional information from inactive prepaid accounts accessed through prepaid billing files. No customer financial information, credit card information, debit or other payment information or SSN was in this inactive file,” they said.

At the end of their statement T-Mobile said the investigation is ongoing and they wanted to share these early findings even though the “facts” or information supplied could change or “evolve.”

T-Mobile had been hit with a cyberattack in 2015 as well, and the attackers managed to steal information of 15 million users and potential users, belonging from the United States.