T-Mobile US (NASDAQ:TMUS) said on Wednesday an ongoing investigation into a cyberattack on its systems revealed that some personal data of about 7.8 million of its current postpaid customers were compromised.
The company was made aware of the attack late last week, it said in a statement, after an online forum claimed that personal data of its users were leaked.
Data from about 850,000 prepaid customers and more than 40 million records of former or prospective customers were also stolen, T-Mobile said.
The breached data included customers’ first and last names, date of birth, social security numbers, and driver’s license information, it said, but there was no indication of their financial details being compromised.
The telecom operator had acknowledged the data breach on Monday and said that it was confident the entry point used to access the data had been closed.
“We have no indication that the data contained in the stolen files,” read this morning’s news release, “included any customer financial information, credit card information, debit or other payment information.”
Some of the data accessed did include customers’ first and last names, date of birth, SSN, and driver’s license/ID information for a subset of current and former postpay customers and prospective T-Mobile customers.
The company is offering subscribers two years of free identity protection services with McAfee’s ID Theft Protection Service. It is also recommending all T-Mobile postpaid customers proactively change their PIN by going online into their T-Mobile account or calling our Customer Care team by dialing 611 on their phones.
TMUS shares improved 43 cents to $141.10