T-Mobile US Inc. said an attack that breached its computer network pulled Social Security numbers and other personal information of more than 40 million current and prospective customers.
The cellphone carrier
said the stolen data included first and last names, birth dates, Social Security numbers and driver’s license information from a subset of current and potential customers. The victims included people who applied for credit with T-Mobile—regardless of whether they ended up doing business with the carrier—and about 7.8 million current subscribers with postpaid plans.
“Importantly, no phone numbers, account numbers, PINs, passwords, or financial information were compromised in any of these files of customers or prospective customers,” the company said in a statement.
T-Mobile said the breach also exposed the names, phone numbers and account PINs of about 850,000 of its customers on prepaid plans, which don’t require a credit check. Users of its Metro by T-Mobile, legacy Sprint and Boost Mobile brands weren’t part of that group.
The admission is the latest setback for T-Mobile, which disclosed the breach earlier this week in response to reports of its customer information for sale on a hacker forum. Vice’s Motherboard tech site first reported on the breach.
The company said early Wednesday that it had reset the PIN codes of all the affected prepaid accounts and recommended that postpaid users do the same. The carrier said it would offer two years of free identity protection services from security firm McAfee.