40 Million Customer Records Affected in T-Mobile Data Breach

T-Mobile said the attack that breached its computer network pulled Social Security numbers and other personal information of more than 40 million current and prospective customers. The cellphone carrier said the stolen data included first and last names, birth dates, Social Security numbers and driver’s license information from a subset of current and potential customers. Victims of the breach included people who applied for credit with T-Mobile—regardless of whether they ended up doing business with the carrier—and about 7.8 million current subscribers with postpaid plans. The company said the hack also exposed the names, phone numbers and account PINs, or personal identification numbers, of about 850,000 of its customers on prepaid plans, which don’t require a credit check. Subscribers using the Metro by T-Mobile, legacy Sprint and Boost Mobile brands weren’t part of that group. T-Mobile found and closed an access point used to break into its servers, calling the intrusion a “highly sophisticated cyberattack” yet offering few details about how it worked and when its security team discovered the lapse. The company said it would open an online portal with information for potential victims.