The latest in the series of hacks targeting the data of the company’s millions of customers comes on the heels of two attacks in 2020, one in 2019, and another in 2018. This most recent breach is by far the largest and has affected at least 47 million current and former T-Mobile customers, according to numbers released by the mobile giant.
The company’s preliminary analysis showed that records of almost 8 million current postpaid customers and 40 million records of former or prospective customers who had at one point applied for credit with the company were taken in what the company called a “highly sophisticated cyberattack.”
“We have no indication that the data contained in the stolen files included any customer financial information, credit card information, debit or other payment information,” the statement said, though it continued, “Some of the data accessed did include customers’ first and last names, date of birth, SSN, and driver’s license/ID information for a subset of current and former postpay customers and prospective T-Mobile customers.”
They said the breach came to light when a hacker began claiming in online forums he had millions of T-Mobile customer records to sell.
Prior to this massive breach, which affects nearly half of T-Mobile’s more than 100 million customers, the company reported being hacked twice in 2020, in March and then again in December. These were smaller incidents.
The March attack happened through the company’s email vendor and affected some customers and employees. “Information accessed illegally may have included names and addresses, phone numbers, account numbers, rate plans and features, and billing information,” T-Mobile said.
For some users, “Social Security numbers, financial account information, and government identification numbers.”
A spokesperson for T-Mobile said the December 2020 breach affected 0.2 percent of all T-Mobile customers, roughly 200,000 people. Here, only “customer proprietary network information” was leaked, meaning call logs, but no financial or Social Security information.
T-Mobile also confirmed a November 2019 incident that affected some pre-paid customers in the United States. Those affected received a text and a posted notice saying the cybersecurity team had “discovered and shut down malicious, unauthorized access to some information related to your T-Mobile prepaid wireless account.”
The 2018 data breach, which occurred just as T-Mobile was merging with Sprint, affected about 2 million customers in what the company called “unauthorized capture of data.” No financial data was compromised, but personal info such as name, address and birthdate was, according to a statement.
Newsweek reached out to T-Mobile for comment on their repeated susceptibility to data breaches but did not immediately hear back.
“We take our customers’ protection very seriously and we will continue to work around the clock on this forensic investigation to ensure we are taking care of our customers in light of this malicious attack,” the statement issued Tuesday said.