T-Mobile confirmed that hackers stole sensitive data on more than 40 million customers, and is now offering McAfee identity protection services at no charge for two years, according to a Tuesday (Aug. 17) T-Mobile press release and media outlets.
The mobile phone carrier said the hacker infiltrated its network and stole Social Security numbers, full names, birth dates, and driver’s license details. The sensitive data swiped came from roughly 7.8 million current T-Mobile customers — including prepaid — and from people who had applied for credit with the company.
“Importantly, no phone numbers, account numbers, PINs, passwords, or financial information were compromised in any of these files of customers or prospective customers,” the company said in a statement, The Wall Street Journal reported.
Reports from Vice’s Motherboard on Monday (Aug. 16), which broke the story, indicated the numbers of those exposed were 100 million-plus and had confirmed with the hacker that sensitive data was up for sale on the dark web.
“We immediately began an exhaustive investigation into these claims and brought in world-leading cybersecurity experts to help with our assessment,” T-Mobile said in the press release. “We then located and immediately closed the access point that we believe was used to illegally gain entry to our servers.”
Roughly 850,000 customers part of T-Mobile’s prepaid plans had their names, phone numbers and account PINs exposed. Metro by T-Mobile, legacy Sprint and Boost Mobile brands were not part of the breach, the company said, per WSJ.
The company said PINs were reset for all prepaid users and it is advising all customers to do the same, per the press release. The Bellevue, Washington-headquartered firm also said in the press release that it is launching a special website to address this cyberattack so people can stay informed.