The personal information of more than 50 million current and former T-Mobile wireless customers was compromised in a massive data breach, the company said this week.
The affirmation comes after a reporter with the website Motherboard spotted posts on a so-called “Dark Web” marketplace that offered batches of the data for sale.
In a statement published on Wednesday, T-Mobile said names, addresses, dates of birth, driver’s license information and Social Security Numbers of its current and former customers were included in the breached data.
T-Mobile said the customer data was mostly connected to current and former customers who applied for various credit products through T-Mobile. The company is known to run credit background checks on customers who want to purchase certain devices, like expensive smartphones, on installment; some other customers are asked to undergo a credit check in order to get post-paid wireless service.
Along with the credit information, personal information of around 7.8 million T-Mobile post-paid service customers was included in the data breach, along with service-related information for hundreds of thousands of T-Mobile pre-paid customers.
No specific financial information like credit cards or bank account numbers were apparently compromised, the company said, though its investigation is still ongoing. The breach did not extend to other T-Mobile brands, including Metro by T-Mobile (“MetroPCS”), Boost Mobile or Sprint.
An internal investigation revealed security gaps in some servers used by T-Mobile allowed an unidentified “bad actor” to gain access to the customer information, the company said. After consulting “world-leading cybersecurity experts,” the company was able to shut off outside access to those servers.
T-Mobile said affected customers are being contacted with an offer to subscribe to two years of free identity theft protection services offered by McAfee.
It was the third known data breach to hit T-Mobile’s servers in less than two years. In January, the company said similar customer information was stolen through a similar incident, and a phishing campaign against some T-Mobile employees in 2020 led to the theft of other customer-related information.