T-Mobile TMUS -0.04% US Inc. said the attack that breached its computer network pulled Social Security numbers and other personal information of more than 40 million current and prospective customers.
The cellphone carrier said the stolen data included first and last names, birth dates, Social Security numbers and driver’s license information from a subset of current and potential customers. The victims included people who applied for credit with T-Mobile—regardless of whether they ended up doing business with the carrier—and about 7.8 million current subscribers with postpaid plans.
“Importantly, no phone numbers, account numbers, PINs, passwords, or financial information were compromised in any of these files of customers or prospective customers,” the company said in a statement.
T-Mobile said the breach also exposed the names, phone numbers and account PINs of about 850,000 of its customers on prepaid plans, which don’t require a credit check. Users of its Metro by T-Mobile, legacy Sprint and Boost Mobile brands weren’t part of that group.