T-Mobile had a data breach. The company confirmed that records of over 40 million “former or prospective customers” who had previously applied for credit and 7.8 million postpaid customers (those who currently have a contract) were stolen, including Social Security Numbers. “Some of the data accessed did include customers’ first and last names, date of birth, SSN, and driver’s license/ID information for a subset of current and former postpay customers and prospective T-Mobile customers,” the announcement made Wednesday said. “We have already proactively reset ALL of the PINs on these accounts to help protect these customers, and we will be notifying accordingly right away,” the announcement reads. No customer financial information appears to have been exposed. According to the company’s statement, its investigation began based on a report of someone claiming in an online forum that they had compromised T-Mobile’s servers.
After the incident was reported, T-Mobile said it is offering 2 years of free identity protection services from cybersecurity firm McAfee to its customers. T-Mobile says it will publish later a dedicated website with information for customers. Customers of other T-Mobile prepaid brands including Metro, Boost and former Sprint prepaid customers have not had their PINs or names exposed, T-Mobile declared. T-Mobile is the brand name used by the mobile communications subsidiaries of the German telecommunications company Deutsche Telekom AG. The brand is active in the Czech Republic (T-Mobile Czech Republic), the Netherlands (T-Mobile Netherlands), Poland (T-Mobile Polska), and the United States (T-Mobile US).