TMobile says hackers stole data of more than 40 million user.
According to the cellphone carrier, the breach compromised social security numbers, driver's license information, and other sensitive data.
Hackers stole the names, birthdays, and social security numbers of millions of T-Mobile customers, the mobile provider announced Tuesday, as it continues to investigate a data breach that was originally revealed earlier this week.
T-Mobile acknowledged that cybercriminals gained access to personal information belonging to around 7.8 million current subscribers as well as 40 million individuals who had previously applied for credit with the company. Although the stolen data includes first and last names and driver's license numbers, T-Mobile stated that there is no indication that the accessed files contained financial information.
“Most importantly, no phone numbers, account numbers, PINs, passwords, or financial information were compromised in any of these client or prospective customer files,” T-Mobile said in a statement posted Tuesday to its website.
The company reported on Monday that hackers had obtained access to its computer networks, but had not yet established whether personal data had been stolen or the number of clients affected. T-Mobile stated that it would contact users and offer two years of identity protection services, as well as propose that postpaid members update their pins.
While the company's first research provided insight into the scope of the incident, T-Mobile did not disclose how hackers gained access to its networks or who was responsible.
“We take customer protection extremely seriously and will continue to work around the clock on this forensic investigation to ensure we are properly protecting our customers in the aftermath of this malicious attack,” the business stated.
Motherboard initially reported on the breach, which occurred as a result of posts on a Web forum seeking to sell private information.
The hack comes on the heels of a series of high-profile cyberattacks that refocused attention on the dangers posed by digital incursions, highlighting both the vulnerability of sensitive data and the collateral damage that hostile actors can inflict beyond data theft.
This spring, a ransomware attack on Colonial Pipeline affected the East Coast's petroleum network, triggering panic buying and resulting in temporary gasoline shortages in numerous states. Weeks later, a cyberattack on the world's largest meat supplier, JBS, threatened to disrupt a sizable portion of the company's global meat supply network, raising concerns about possible shortages and rising beef and pork prices.
The hacking of vital infrastructure exposed the growing dangers facing government agencies, civil society organizations, and businesses, all of whom rely increasingly on networked computer systems to operate.
Legislators have taken note. US Senate negotiators have included cybersecurity spending in the bipartisan $1 trillion infrastructure proposal, reflecting a growing fear that computer assaults may ruin entire towns. The bill would authorize nearly $2 billion in funding for cybersecurity initiatives, including a $1 billion grant program to provide federal cybersecurity assistance to state and local governments, which experts say are among the most vulnerable institutions to ransomware attacks, in which hackers gain access to a victim's computer systems and then demand a ransom to regain access.
Additionally, the bill would establish a new cyber director office to allow the federal government to better coordinate its response to big hacks and a $100 million response and recovery fund to assist agencies and businesses in recovering from cyberattacks.
T-Mobile stated that its investigation into the cyberattack is ongoing and that it has begun working with law enforcement. Earlier this week, the company announced that it had found and immediately shut down the access point believed to have been exploited by hackers to gain access to its servers.
Since Friday, the company's stock has fallen roughly 3%, while the larger market has remained virtually unchanged.
T-Mobile has previously been targeted by hackers. According to the company, hostile actors gained access to the data of some prepaid wireless accounts in 2019. Customer data obtained in the cyberattack included names, phone numbers, and billing addresses, although the corporation stated that no financial information was compromised.