The breach of T-Mobile US Inc. allowed hackers to steal information about more than 40 million people and potentially sell the data to digital fraudsters and identity thieves.
Here is what we know about the hack, which data was stolen and what customers should do to protect themselves.
What was the T-Mobile data breach?
T-Mobile said it learned late last week that an individual in an online forum claimed to have breached its systems and was attempting to sell stolen customer data. The company confirmed on Aug. 16 that it was hacked, adding the following day that attackers made off with personal data from nearly 48 million people. Those victims include 7.8 million current postpaid customers, T-Mobile said, and about 40 million former and prospective customers who applied for plans.
While U.S. officials have warned of an uptick in ransomware attacks in recent months, T-Mobile’s hackers didn’t lock up the company’s systems and demand payment. Instead, attackers broke into the company’s servers through an open access point, stole data and have since tried to sell different sets of the information online for between $80,000 and $270,000 worth of bitcoin.
The attack is the latest and most severe in a string of cybersecurity incidents at the company, said Allie Mellen, a cybersecurity analyst at research firm Forrester Inc.
