WHAT’S BEING CLAIMED:
- T-Mobile revealed Wednesday that data from over 40 million customers who applied for credit had been exposed.
- The breach also accessed 850,000 active prepaid customer data, and some inactive prepaid accounts.
- The company announced that it would give two-year free identity protection services.
In a latest data breach incident, T-Mobile announced Wednesday that over 40 million people who applied for their credit were compromised. Information that were exposed included names, social security numbers and other data such as those from their driver’s license.
Accordingly, similar data from the current nearly 8 million T-Mobile customers who have monthly subscriptions were also jeopardized. Fortunately, though, the company said that information such as phone numbers, account numbers, PINs, passwords or other financial details of all its millions of records and accounts remained secured.
According to Gartner analyst Paul Furtado, T-Mobile had been victimized before, but “the sheer numbers [of this case] far exceed the previous breaches.”
“Yes, they have a big target on their back but that shouldn’t be a surprise to them,” Furtado said. “You have to start questioning the organization. How much are they actually addressing these breaches and the level of seriousness?”
T-Mobile also reported on Wednesday that around 850,000 active prepaid customer names, phone numbers and account PINs were compromised. They said that they were already resetting all of the exposed PINs.
The data breach also accessed some information from inactive prepaid accounts, but the company noted that there were no financial information, credit card information, debit or other payment information or Social Security numbers that were exposed.
Earlier this week, the company said that it was probing a data leak following an online forum by someone who offered to sell personal data of cellphone users. It also confirmed that an infiltration occurred to “some T-Mobile data” and that it had closed the access entry point.
Company CEO Mike Sievert told one customer on Twitter Tuesday that “if you were affected, you’ll hear from us soon.”
As of now, T-Mobile announced that it would immediately provide two-year free identity protection services. It also encouraged all monthly postpaid subscribers to change their PIN as they further investigate the breach.
“It’s a real indictment on T-Mobile and whether or not these customers would want to continue working with T-Mobile,” Forrester analyst Allie Mellen said. “Ultimately T-Mobile has a lot of really sensitive information on people and it’s just a matter of luck that, this time, the information affected was not financial information.”
Mellen argued that the cyber attack looked easy for the hackers since T-Mobile’s security was not robust enough.
“There was a gate left wide open for the attackers and they just had to find the gate and walk through it,” she said.
At present, T-Mobile is one of the US’ biggest cell phone service providers following its acquisition of Sprint last year. After the merge, the company reported over 102.1 million US subscribers.
Source: ABC News