T-Mobile will offer two years of free identity theft protection services after hackers stole data on roughly 49 million U.S. customers and potential customers, according to a statement from the mobile carrier. The data breach only became public over the past weekend after hackers offered to sell the data for six bitcoin, or roughly $US272,400 ($376,075) based on the current price.
T-Mobile first confirmed data was stolen on Monday but the company didn’t share at that time what was stolen. The mobile carrier now says the compromised data of 48 million customers includes first and last names, dates of birth, social security numbers, and driver’s licence information. An additional 771,107 T-Mobile prepaid customer names, phone numbers, and account PINs were also compromised.
“While our investigation is still underway and we continue to learn additional details, we have now been able to confirm that the data stolen from our systems did include some personal information,” T-Mobile told Gizmodo in a statement over email.
While T-Mobile says data on roughly 49 million people was taken, the hackers say it’s closer to 100 million. Thankfully, neither the hackers nor T-Mobile claim any credit card information has been compromised.
“We have no indication that the data contained in the stolen files included any customer financial information, credit card information, debit or other payment information,” T-Mobile continued.
But even with that small bit of comfort, T-Mobile still says data on roughly 49 million people was taken.
“Our preliminary analysis is that approximately 7.8 million current T-Mobile postpaid customer accounts’ information appears to be contained in the stolen files, as well as just over 40 million records of former or prospective customers who had previously applied for credit with T-Mobile,” the company told Gizmodo.
The company has promised to give away two years of free identity protection services through McAfee’s ID Theft Protection Service and will encourage customers to sign up for T-Mobile’s Account Takeover Protection service. T-Mobile is also encouraging everyone to change their PIN numbers.
The mobile carrier will be publishing a special webpage later Wednesday with additional information about the hack, according to the company. The hackers took some old data on prepaid customers that may no longer have a relationship with T-Mobile and it’s not clear whether the company will try to contact those people about the data breach.
T-Mobile did not immediately respond to additional questions from Gizmodo overnight about the discrepancy between the 49 million users the company acknowledged had their data compromised and the 100 million claimed by the hackers. We’ll update this article if we hear back from the company.
“We take our customers’ protection very seriously and we will continue to work around the clock on this forensic investigation to ensure we are taking care of our customers in light of this malicious attack,” T-Mobile said.
“While our investigation is ongoing, we wanted to share these initial findings even as we may learn additional facts through our investigation that cause the details above to change or evolve.”