Breaking News
More () »

T-Mobile says data on more than 40 million people stolen in cyberattack

T-Mobile says some of the info stolen in a cyberattack included customer Social Security numbers, names and driver's license info.
Credit: AP
This Feb. 24, 2021 photo shows a T-Mobile store at a shopping mall in Pittsburgh.

WASHINGTON — T-Mobile says it has confirmed that a recent cyberattack exposed the personal data of millions of its current, former and prospective customers. 

The company said it began investigating late last week after someone took to an online forum offering to sell the personal information of cellphone users. 

T-Mobile said Tuesday it has now confirmed the stolen data included personal information from about 7.8 million of its current postpaid customers, 850,000 prepaid customers and more than 40 million credit applicants. 

The investigation revealed some of the leaked personal data includes Social Security numbers, birth dates, names and driver license information. The company stressed that it does not appear any customer credit card or payment info was leaked. 

"Importantly, no phone numbers, account numbers, PINs, passwords, or financial information were compromised in any of these files of [postpaid] customers or prospective customers," T-Mobile said in an update posted online

However, the company said some of the info accessed in the data breach did involve account PINs, names and phone numbers for around 850,000 prepaid customers. The company said it has proactively reset all the PINs on those prepaid accounts and will be notifying customers. T-Mobile added that the investigation has found that no Metro by T-Mobile, former Sprint prepaid, or Boost customers had their names or PINs exposed. 

It also said it was confident that it has closed the entry point that was used to gain access in what it called a "highly sophisticated cyberattack" against its systems.

As a precaution, the company is recommending all T-Mobile postpaid customers change their PINs. 

"This precaution is despite the fact that we have no knowledge that any postpaid account PINs were compromised," T-Mobile said in its update Tuesday. 

The company has set up a website for more information and solutions to help customers impacted by the data breach. 

T-Mobile, which is based in Bellevue, Washington, became one of the country’s largest cellphone service carriers, along with AT&T and Verizon, after buying rival Sprint.

The Associated Press contributed to this report. 

Before You Leave, Check This Out