T-Mobile has confirmed a cybersecurity incident that may have exposed the customer information of 100 million users.
The company announced in a Monday (Aug. 16) press release, noting it is “working around the clock” to investigate. T-Mobile noted in the release that it found there was unauthorized access, but said it didn’t know if that contained any personal customer data, at that time.
News came to light earlier Monday that sensitive information from more than 100 million T-Mobile users was being sold on the dark web. The data purportedly includes names, phone numbers, addresses, social security numbers, driver license information, and IMEI numbers.
An underground forum reported having a customer data set selling for 6 bitcoin (about $270,000). That came with 30 million Social Security numbers and driver’s license details. According to the seller, the rest of the data was in the process of being sold as well, in a private manner.
In the last update, they said they located and immediately closed the access point that they believe was used to illegally gain entry to the servers. “We have no indication that the data contained in the stolen files included any customer financial information, credit card information, debit or other payment information.”
According to their Preliminary analysis, approximately 7.8 million post-paid customer account information is appearing in the stolen files, as well as over 40 million records of former customers or prospects who had previously applied for credit with T-Mobile. And lastly, 850000 prepaid customer’s data were also exposed.
Based on these findings T- Mobile is sharing the following points:
- 2 years of free identity protection services with McAfee’s ID Theft Protection Service to all the affected
- If you are a customer, you should change your PIN
- The use of Account Takeover Protection capabilities