T-Mobile said Wednesday that hackers stole personal information linked to 40 million former and prospective customers that applied for credit from the telecommunications company, with the data including Social Security and driver’s license records in some cases.
The cyberattack also compromised personal data for 7.8 million current T-Mobile postpaid customers. No phone numbers, account numbers, PINs, passwords, or financial information from the nearly 50 million records and accounts were compromised, according to T-Mobile. But about 850,000 active T-Mobile prepaid accounts had their phone numbers and account PINs exposed.
The company said it has reset all of the PINs on those accounts, and will be notifying those customers immediately.
The hack, first reported by Vice on Sunday, was discovered in a forum post where the hacker said they had gained data for more than 100 million people from T-Mobile servers. The seller said the data included Social Security numbers, phone numbers, names, physical addresses and other personal information. T-Mobile on Tuesday confirmed that such data was exposed in some cases.
T-Mobile said it will offer two years of free identity protection services with McAfee’s ID Theft Protection Service to those impacted by the theft. It is also recommending that postpaid customers change their PINs, either through their T-Mobile online accounts or by calling 611 on their phones to reach a customer service representative.
The Associated Press contributed to this report.