More than 40 million former, current and prospective T-Mobile US customers were impacted by a cyberattack
Following a cyberattack initially disclosed on Aug. 17 that resulted in customer data being accessed by an unauthorized party, T-Mobile US said today that it is “confident that we have closed off the access and egress points the bad actor used in the attack.”
According to T-Mo, compromised data includes:
- First and last names, dates of birth, Social Security numbers, and driver’s license/ID info of 7.8 million current postpaid subscribers
- IMEI and IMSI info
- Names, addresses, dates of birth, phone numbers, IMEI and IMSI for 5.3 million postpaid subs
- First and last names, dates of birth, Social Security numbers, and driver’s license/ID info from 40 million “former or prospective” customers
- Names, phone numbers, addresses and dates of birth for 667,000 former customers
CEO Mike Sievert on Twitter said, “I want to assure you that our…team is doing their best to get answers to your questions about our recent cyberattack.” The company has set up a dedicated site detailing the data breach and suggesting protective actions customers can take.
A spokesperson for the U.S. Federal Communications Commission told Reuters, “Telecommunications companies have a duty to protect their customers’ information. The FCC is aware of reports of a data breach affecting T-Mobile customers and we are investigating.”
Moody’s Investors Service circulated a report regarding the data breach incident summarizing the impact to the operator as “credit negative because of the financial, reputational and legal costs associated with data breaches. The breach underscores T-Mobile’s struggles in recent years with safeguarding personal data, with the company disclosing a data breach at least once ever year since 2018.”
NordVPN Digital Privacy Expert Daniel Markuson warned that the compromised data could be used for phishing scams, which he characterized as “one of the biggest concerns from these types of breaches. Such scams are usually very effective as criminals use a piece of real information, for example, your name and taxpayer ID. Cybercriminals could send fake emails pretending to be your pharmacy, bank, hotel or even governmental institution.”
For it’s part, T-Mobile US is offering customers two years of free McAfee ID Theft Protection; suggesting that customers set up Scam Sheild; and reset PINs and passwords.