Front page layout
Sign up or login to join the discussions!
Dan Goodin –
T-Mobile on Wednesday said criminals obtained the personal information of almost 49 million current, former, or prospective customers in the latest mega-hack of its servers.
The haul includes customers’ first and last names, date of birth, SSN, and driver’s license/ID information for 7.8 million current post-paid accounts, meaning accounts that are billed at the end of each billing cycle. The unknown hackers obtained the same data from more than 40 million records belonging to former or prospective customers who had previously applied for credit with T-Mobile.
Names, phone numbers, and account PINs for about 850,000 active T-Mobile prepaid customers were also stolen. T-Mobile said that “additional information” from an unspecified number of inactive prepaid accounts was also affected.
The cellular carrier said none of the hacked data included customer financial information, credit or debit card information, or other payment information. Except for data in the 850,000 prepaid accounts, none of the affected data included phone numbers or account PINs.
T-Mobile, which is no stranger to data breaches involving millions of customers, said it has retained cybersecurity experts to assist in an investigation of this latest hack. The company said it has located and closed the access point the hackers used to breach the servers. The carrier has also coordinated with law enforcement.
In response, T-Mobile said it is:
Word of the breach first surfaced over the weekend when someone using the Twitter account @und0xxed and someone on a cybercrime forum advertised the availability of millions of what they claimed were never-before-published records. A report from Motherboard confirmed that the data matched T-Mobile customers. Motherboard said the person selling the data claimed there were 100 million records available.
It’s not known if anyone has purchased the data or if the data is being used to engage in identity theft or other crimes. It’s not unusual for data stolen in breaches to eventually be published online so it’s available to anyone who takes the time to find it.
The availability of free credit monitoring is better than nothing, but the more meaningful steps affected people can take are to change PINs and account passwords and implement the above-mentioned option of setting up a passcode to restrict the porting of phone numbers to a new account, a crime typically known as SIM swapping. Even with such protections, SIM swapping remains a big enough risk that people should not link important accounts to their phone numbers whenever possible.
You must login or create an account to comment.
Join the Ars Orbital Transmission mailing list to get weekly updates delivered to your inbox.
WIRED Media Group
Your California Privacy Rights | Do Not Sell My Personal Information
The material on this site may not be reproduced, distributed, transmitted, cached or otherwise used, except with the prior written permission of Condé Nast.
Front page layout