Millions of T-Mobile customers’ data leaked in ‘sophisticated cyber attack’
T-Mobile US Inc updates
Sign up to myFT Daily Digest to be the first to know about T-Mobile US Inc news.
The personal information of almost 50m current and former T-Mobile customers has been “stolen” in what the mobile telecoms group described as a “highly sophisticated cyber attack” on its systems.
“We have now been able to confirm that the data stolen from our systems did include some personal information,” T-Mobile said in a statement on Wednesday, days after it admitted it was investigating a potential leak.
“Unauthorised individuals” accessed data including names, birth dates, social security numbers and drivers’ licence information on 7.8m existing customers and more than 40m former or prospective customers, T-Mobile said. About 850,000 active T-Mobile prepaid customer names, phone numbers and account personal identification numbers were also exposed.
The company added that there was “no indication” the data contained in the files included any financial information, credit card information, debit or other payment information. No phone numbers, account numbers, PINs, passwords were compromised, it said.
The telecoms group said it was informed last week of claims made in an online forum that a “bad actor” had accessed customer information. Cybersecurity experts were later enlisted to investigate the scale of the damage and subsequently “closed the access point” it is thought was used to gain illegal entry to T-Mobile’s servers.
The US-based company said it was “taking immediate steps to help protect all of the individuals who may be at risk from this cyber attack”, including offering free identity protection services and advice on how customers could go about changing their PIN numbers.
“We take our customers’ protection very seriously,” T-Mobile said in its statement. “We will continue to work around the clock on this forensic investigation to ensure we are taking care of our customers in light of this malicious attack.”
It is the latest in a series of data breaches at telecoms companies around the world, with Virgin Media, Three and TalkTalk among those hit.