After a hacker appeared on an online forum offering to sell private data from T-Mobile
"Our preliminary analysis is that approximately 7.8 million current T-Mobile postpaid customer accounts' information appears to be contained in the stolen files, as well as just over 40 million records of former or prospective customers," a company statement reads.
Initially, the seller told reporters with Motherboard that they had data stolen from T-Mobile servers on more than 100 million users. The seller was reportedly asking for 6 bitcoin, roughly $270,000, in exchange for personal information on just 30 million customers, while the rest was set to be sold to a private buyer.
The hacker told reporters that their access to the servers was quickly cut off, but that they have the data "backed up in multiple places."
According to T-Mobile, the stolen records contain information like social security numbers, drivers' licenses, and other identifying information from former and prospective users. According to the company, the hack did not access any phone numbers, PINs, account numbers, passwords, or other financial information.
However, an additional 850,000 current prepaid T-Mobile customers did have their names, phone numbers, and PINs stolen. The company reportedly reset all of the potentially compromised PINs.
"We have no indication that the data contained in the stolen files included any customer financial information, credit card information, debit or other payment information," the company stated.
The hack also didn't access any information from Metro by T-Mobile, former Sprint prepaid, or Boost customers.
During the company's preliminary investigation, it was able to identify and close the point of entry used by the hacker. T-Mobile is recommending that all postpaid T-Mobile users change their PINs and is also offering customers 2 years of identity protection services for free. The company is also adding additional fraud protections to stop customer accounts from being stolen.
"We take our customers' protection very seriously," the company wrote in a statement. "And we will continue to work around the clock on this forensic investigation to ensure we are taking care of our customers in light of this malicious attack."