T-Mobile has continued to work around the clock on the forensic analysis and investigation into the cyberattack against T-Mobile systems while also taking a number of proactive steps to protect customers and others whose information may have been exposed.
Their investigation still underway and will take some time, but they are sure that they have blocked the bad actor’s access and egress points.
T-Mobile previously disclosed that personal information from roughly 7.8 million current T-Mobile postpaid customer accounts, including first and last names, dates of birth, Social Security numbers, and driver’s license/ID numbers, had been compromised. Phone numbers, as well as IMEI and IMSI information, the normal identifier numbers linked with a mobile phone, were also hacked, according to T-Mobile. In addition, another 5.3 million existing postpaid customer accounts have been discovered as having one or more linked customer names, addresses, dates of birth, phone numbers, IMEIs, and IMSIs fraudulently accessed. SSNs or driver’s license/ID details were not compromised in these other accounts.
T-Mobile previously disclosed that data files containing information on about 40 million past or potential T-Mobile customers, including first and last names, dates of birth, Social Security numbers, and driver’s license/ID numbers, had been compromised. Since then, another 667,000 former T-Mobile customers’ accounts have been accessed, with user names, phone numbers, addresses, and dates of birth exposed. SSNs or driver’s license/ID details were not compromised in these other accounts.
T-Mobile has also discovered further stolen data files, including phone numbers, IMEI numbers, and IMSI numbers. There was no personally identifying information in that data.
There is still no indication that any of the stolen files contained any consumer financial information, credit card information, debit card information, or other payment information.
Approximately 850,000 current T-Mobile prepaid customer names, phone numbers, and account PINs were exposed, according to T-Mobile. T-Mobile has reset ALL of the PINs on these accounts proactively. Additional dormant prepaid accounts were also accessed for similar information. Up to 52,000 names associated with current Metro by T-Mobile accounts may have been included as well. There was no personally identifiable information in any of these data sets. Furthermore, no former Sprint prepaid or Boost customers were among the T-Mobile files obtained.
T-Mobile is continuing to take steps to protect everyone who is at danger from this cyberattack, including those who were recently identified by T-Mobile. T-Mobile has communicated with millions of customers and others who have been affected, and is offering assistance in a variety of ways.