On August 17, 2021, T-Mobile discovered that hackers had illegally accessed personal data from its customer systems. t-mobile said it has verified that a portion of its data was accessed and stolen by unauthorized persons, including some personal information. t-mobile continues to work around the clock to forensically analyze and investigate cyber attacks against t-mobile systems, and has also taken a number of proactive measures to protect customers and others whose information may have been compromised. According to updated information shared by T-Mobile on August 20 regarding the ongoing cyberattack investigation, as follows.
We previously reported information from approximately 7.8 million current T-Mobile postpaid customer accounts that included first and last names, date of birth, SSN, and driver’s license/ID information was compromised. We have now also determined that phone numbers, as well as IMEI and IMSI information, the typical identifier numbers associated with a mobile phone, were also compromised. Additionally, we have since identified another 5.3 million current postpaid customer accounts that had one or more associated customer names, addresses, date of births, phone numbers, IMEIs and IMSIs illegally accessed. These additional accounts did not have any SSNs or driver’s license/ID information compromised.
We also previously reported that data files with information from about 40 million former or prospective T-Mobile customers, including first and last names, date of birth, SSN, and driver’s license/ID information, were compromised. We have since identified an additional 667,000 accounts of former T- Mobile customers that were accessed with customer names, phone numbers, addresses and dates of birth compromised. These additional accounts did not have any SSNs or driver’s license/ID information compromised.
Separately, we have also identified further stolen data files including phone numbers, IMEI, and IMSI numbers. That data included no personally identifiable information.
We continue to have no indication that the data contained in any of the stolen files included any customer financial information, credit card information, debit or other payment information.
As we previously reported, approximately 850,000 active T-Mobile prepaid customer names, phone numbers and account PINs were exposed. We have proactively reset ALL of the PINs on these accounts. Similar information from additional inactive prepaid accounts was also accessed. In addition, up to 52,000 names related to current Metro by T-Mobile accounts may have been included. None of these data sets included any personally identifiable information. Further, none of the T-Mobile files stolen related to former Sprint prepaid or Boost customers.
T-Mobile says it has sent messages to millions of customers and other affected individuals and offered support in a variety of ways, and has been working with industry-leading experts in an effort to improve the security of our platform.
Data such as Social Security numbers and driver's license details for 30 million subscribers from T-Mobile are reportedly being sold on the dark web for 6 bitcoins, or about $270,000.
In general, stolen personal information often appears for sale on the dark web. Someone with an ulterior motive can easily find your identity and do anything in your name, from making purchases and opening credit card accounts in your name, to filing tax refunds and filing medical claims, all of which can be done under the guise of "you. To make matters worse, billions of these hacked login credentials can be found on the dark web, carefully packaged and available for purchase by anyone with an ulterior motive.