UPDATE: T-Mobile said on August 20 that its investigations have revealed that an additional 5.3 million customers are affected by the attack, along with another 667,000 former customers, bringing the total number affected to about 54 million.
T-Mobile has released more details regarding what it’s describing as a “highly sophisticated cyberattack” on its computer systems that it learned of last week.
In a statement sent to Digital Trends late Tuesday evening, the company said its initial investigations confirmed that 7.8 million current T-Mobile postpaid customers are affected, as well as just over 40 million former or prospective customers who had previously applied for credit with T-Mobile.
The company said that there’s currently no indication that the data contained in the accessed files included any customer credit or debit card information. Nor does it believe hackers accessed any phone numbers, account numbers, PINs, or passwords.
However, it said that some of the data accessed by the hackers did include customers’ first and last names, date of birth, Social Security number, and driver’s license/ID information.
It also said that around 850,000 active T-Mobile prepaid customer names, phone numbers, and account PINs were also exposed in the breach. “We have already proactively reset all of the PINs on these accounts to help protect these customers, and we will be notifying accordingly right away,” the company said, adding, “No Metro by T-Mobile, former Sprint prepaid, or Boost customers had their names or PINs exposed.”
The Washington-based mobile giant said that as a result of its initial findings, it is taking “immediate steps to help protect all of the individuals who may be at risk from this cyberattack.”
Those affected will be contacted “shortly” with advice on what action to take. For example, some T-Mobile postpaid customers will be told to change their PIN, though it said this particular precaution was being taken “despite the fact that we have no knowledge that any postpaid account PINs were compromised.”
Those impacted will also be offered two years of free identity protection services with McAfee’s ID Theft Protection Service, along with other safeguards to help reduce the chances of succumbing to a crime perpetrated by those who attempt to use the stolen data for nefarious purposes.
The hack is a major blow to T-Mobile, which has suffered several other similar attacks affecting its customers in the last three years alone. The most recent breach came to light earlier this week when a hacker was spotted trying to sell stolen T-Mobile data on an underground forum. The seller claimed to be in possession of data belonging to 100 million T-Mobile customers, though the company’s initial findings suggest fewer current customers have been impacted.
“We take our customers’ protection very seriously and we will continue to work around the clock on this forensic investigation to ensure we are taking care of our customers in light of this malicious attack,” T-Mobile said on Tuesday, adding that its investigation is ongoing.