Past, present and prospective customers have been affected by the cyberattack.
T-Mobile said in an update on its latest data breach, issued Wednesday, that the personal data of more than 40 million customers was stolen by hackers. The data, which belonged to former and prospective customers, included names, dates of birth, driver’s license details and Social Security numbers.
In addition, the company said that the hackers had swiped data belonging to approximately 7.8 million current postpaid customers. It also confirmed that 850,000 active T-Mobile prepaid customer names, phone numbers and account PINs were exposed.
The breach, which was first reported Sunday, is one of at least four to hit the mobile carrier since 2015. On this occasion, Vice reported that a seller on an underground forum was offering to sell the customer data for 6 Bitcoin (approximately $277,000). T-Mobile later confirmed it had been the victim of a cyberattack, and has now been investigating how many customers were affected for several days.
The company said in a press release that it was taking immediate steps to help protect affected customers and has been coordinating with law enforcement.
“We take our customers’ protection very seriously and we will continue to work around the clock on this forensic investigation to ensure we are taking care of our customers in light of this malicious attack,” said the company. “While our investigation is ongoing, we wanted to share these initial findings even as we may learn additional facts through our investigation that cause the details above to change or evolve.”