T-Mobile data breach could be much worse than previously thought

An additional 5.3m T-Mobile customers are affected

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

The recentT-Mobile data breachin which a hacker claims to have stolen the personally identifiable information (PII) of roughly 100m of the mobile carrier’s customers may actually be much worse as the company has revealed new details from its investigation into the matter.

Earlier this week, a hacker posted on anunderground forumin an attempt to sell a pool of data on the company’s customers which reportedly included their social security numbers (SSN), phone numbers, names, addresses, unique IMEI numbers and driver’s license information.

Now though, T-Mobile has confirmed in anew poston its site that 7.8m of its current postpaid or on contract customers did have all of the data mentioned above stolen as a result of the breach. However, the hacker was also able to acquire theirIMEI(International Mobile Equipment Identity) that is assigned to every mobile device as well as theirIMSI(International Mobile Subscriber Identity) that is used to identify theirSIM card.

While a cybercriminal could use the exposed personal information of affected T-Mobile customers to commitidentity theft, their IMSI information could potentially be used inSIM swapping attackswhere an attacker takes over a user’s phone number to intercept two-factor authentication (2FA) codes as well as other data being sent to their smartphone.

T-Mobile data breach

T-Mobile also revealed that an additional 5.3m of its postpaid customers are affected by the breach though apparently their driver’s licenses and social security numbers weren’t exposed.

The accounts of 667k former T-Mobile customers were exposed as well though thankfully, former Sprint prepaid and Boost Mobile customers didn’t have their information stolen during the breach. Unfortunately, the same can’t be said for 52kMetro by T-Mobilecustomers who also had their information stolen.

Both T-Mobile and he FCC are currently investigating the data breach and so far, one class-action lawsuit has been filed against the mobile carrier.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

Current T-Mobile customers who are concerned that their data may have been exposed canvisit this pagefor more information on how to sign up for the company’s Scam Shield which offers scam-blocking protection and other anti-scam features. The company is also offering a free two year subscription to McAfee’s ID Theft Protection service to affected customers.

We’ll likely hear more regarding the breach and how the hacker was able to penetrate T-Mobile’s systems once the company and the FFC’s investigation is complete.

ViaThe Verge

After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home.

A new form of macOS malware is being used by devious North Korean hackers

Scammers are using fake copyright infringement claims to hack businesses

We might have our first look at the long-rumored Samsung tri-fold