T-Mobile Confirms Data Breach Affecting 47.8 Million Current, Former and Prospective Customers

What happened

A T-Mobile data breach affected 47.8 million people across current, former, and prospective customer groups after records were stolen from the company’s systems. T-Mobile said approximately 7.8 million current postpaid customer records were taken, along with just over 40 million records tied to former or prospective customers who had previously applied for credit with the company. The company also said 850,000 active prepaid customers had their phone numbers and account PINs exposed. According to T-Mobile, the stolen data included first and last names, dates of birth, Social Security numbers, and driver’s license or ID information. The company said it shut down the leak on its servers after learning about it through an online forum and reset PINs for the affected prepaid accounts.

Who is affected

The direct exposure affects T-Mobile's current postpaid customers, former customers, prospective customers who had applied for credit, and 850,000 active prepaid customers. The compromised data varied by group: prepaid customers also had phone numbers and account PINs exposed, while postpaid and former or prospective customers did not have phone numbers, account numbers, PINs, passwords, or financial information compromised.

Why CISOs should care

This incident matters because it involved large-scale exposure of identity data across multiple customer populations, including current and non-current customers. It also shows how breach impact can differ across account types, with one subset facing additional account security risk when PINs and phone numbers are exposed.

3 practical actions

  1. Differentiate impact by customer segment: Separate affected populations by account type and exposed data elements quickly, because this incident involved materially different exposure across postpaid, former, prospective, and prepaid customers.
  2. Prioritize remediation where account controls were exposed: Move immediately on PIN resets and account protection measures when an incident affects live customer access controls, as T-Mobile did for impacted prepaid accounts.
  3. Pair notification with concrete customer protections: Align breach notifications with identity protection services and account hardening steps when exposed data includes high-risk identity information such as Social Security numbers and driver’s license details.
