T-Mobile warned Monday that a data breach has exposed the names, date of birth, Social Security number and driver’s license/ID information of more than 40 million current, former or prospective customers who applied for credit with the company. The acknowledgment came less than 48 hours after millions of the stolen T-Mobile customer records went up for sale in the cybercrime underground.
On Monday evening, T-Mobile said a “highly sophisticated” attack against its network led to the breach of data on millions of customers.
“Our preliminary analysis is that approximately 7.8 million current T-Mobile postpaid customer accounts’ information appears to be contained in the stolen files, as well as just over 40 million records of former or prospective customers who had previously applied for credit with T-Mobile,” the company wrote in a blog post. “Importantly, no phone numbers, account numbers, PINs, passwords, or financial information were compromised in any of these files of customers or prospective customers.”
Nevertheless, T-Mobile is urging all T-Mobile postpaid customers to proactively change their account PINs by going online into their T-Mobile account or calling customer care at 611. “This precaution is despite the fact that we have no knowledge that any postpaid account PINs were compromised,” the advisory reads.