Although related investigations are still ongoing, US telecom operator T-Mobile has confirmed that more than 40 million ex-customers or potential customers who have applied for credit and 7.8 million post-paid customers (customers with current contracts) have had their records stolen. Previously, hackers sold 100 million pieces of user information on the dark web. Although the number currently admitted is only half, it is still very staggering.
The data in the stolen files contain important personal information, including name, date of birth, social insurance number and driver’s license/ID number-you can use this information to create an account in the name of another person or hijack an existing account. Obviously, it does not include phone number, account number, personal identification number or password.
And the scale of this leak is not limited to this. More than 850,000 prepaid T-Mobile users are also victims of the vulnerability. For them, the exposed data includes names, phone numbers, and account passwords.
The affected customers have reset their passwords and will be notified immediately. The information of some inactive prepaid accounts was also accessed, and the specific information is unknown. However, T-Mobile stated that “there is no customer’s financial information, credit card information, debit card or other payment information or SSN in this inactive file.
T-Mobile responded: Customers trust us with their private information, and we protect this information with the utmost concern. A recent cybersecurity incident caused some data to be harmed, and we apologize for that. We take this issue very seriously. We strive to make our investigation status and what we are doing transparent to help protect you.
