T-Mobile US said on Wednesday an ongoing investigation into a cyberattack on its systems revealed that some personal data of about 7.8 million of its current postpaid customers were compromised.
The company was made aware of the attack late last week, it said in a statement, after an online forum claimed that personal data of its users were leaked.
Data from about 850,000 prepaid customers and more than 40 million records of former or prospective customers were also stolen, T-Mobile said.
The breached data included customers' first and last names, date of birth, social security numbers, and driver's license information, it said, but there was no indication of their financial details being compromised.
The telecom operator had acknowledged the data breach on Monday and said that it was confident the entry point used to access the data had been closed.
T-Mobile said its taking “immediate steps” to protect users at risk. Here's what the company said on the measures being taken:
As a result of this finding, we are taking immediate steps to help protect all of the individuals who may be at risk from this cyberattack. Communications will be issued shortly to customers outlining that T-Mobile is:
- Immediately offering 2 years of free identity protection services with McAfee's ID Theft Protection Service.
- Recommending all T-Mobile postpaid customers proactively change their PIN by going online into their T-Mobile account or calling our Customer Care team by dialing 611 on your phone. This precaution is despite the fact that we have no knowledge that any postpaid account PINs were compromised.
- Offering an extra step to protect your mobile account with our Account Takeover Protection capabilities for postpaid customers, which makes it harder for customer accounts to be fraudulently ported out and stolen.
- Publishing a unique web page later on Wednesday for one stop information and solutions to help customers take steps to further protect themselves.