T-Mobile, the third-largest U.S. wireless carrier, has confirmed that the recent data breach has affected tens of millions of current and former customers.
The data breach came to light late last week after news emerged that someone has been attempting to sell 100 million T-Mobile customer records on a hacker forum. The stolen records, sold for $280,000 in bitcoins, reportedly included social security numbers, phone numbers, names, physical addresses, unique IMEI numbers, and driver license information.
In a recent statement T-Mobile said it has identified and closed the access point used by attackers to break into the company’s servers. According to the wireless operator, personal data, including dates of birth, first and last names, social security numbers and driver's license information, of more than 40 million former and prospective customers was stolen as a result of the hack, as well as data from 7.8 million existing T-Mobile wireless customers. There was no indication that customers’ phone numbers, account numbers, PINs, passwords, or financial information was affected, T-Mobile said.
However, the company admitted that around 850,000 active T-Mobile prepaid customer names, phone numbers and account PINs were exposed in the data breach.
T-Mobile said it reset the PINs of impacted prepaid accounts and is now offering two years of free identity protection services to impacted individuals. No Metro by T-Mobile, former Sprint prepaid, or Boost customers had their names or PINs exposed, the company said.