The Desk appreciates the support of readers who purchase products or services through links on our website. Learn more...

T-Mobile affirms data breach involving, current, former customers

A mobile phone running on the T-Mobile wireless network. (Photo: The Desk)

The personal information of more than 50 million current and former T-Mobile wireless customers was compromised in a massive data breach, the company said this week.

The affirmation comes after a reporter with the website Motherboard spotted posts on a so-called “Dark Web” marketplace that offered batches of the data for sale.

In a statement published on Wednesday, T-Mobile said names, addresses, dates of birth, driver’s license information and Social Security Numbers of its current and former customers were included in the breached data.

T-Mobile said the customer data was mostly connected to current and former customers who applied for various credit products through T-Mobile. The company is known to run credit background checks on customers who want to purchase certain devices, like expensive smartphones, on installment; some other customers are asked to undergo a credit check in order to get post-paid wireless service.

Along with the credit information, personal information of around 7.8 million T-Mobile post-paid service customers was included in the data breach, along with service-related information for hundreds of thousands of T-Mobile pre-paid customers.

No specific financial information like credit cards or bank account numbers were apparently compromised, the company said, though its investigation is still ongoing. The breach did not extend to other T-Mobile brands, including Metro by T-Mobile (“MetroPCS”), Boost Mobile or Sprint.

An internal investigation revealed security gaps in some servers used by T-Mobile allowed an unidentified “bad actor” to gain access to the customer information, the company said. After consulting “world-leading cybersecurity experts,” the company was able to shut off outside access to those servers.

T-Mobile said affected customers are being contacted with an offer to subscribe to two years of free identity theft protection services offered by McAfee.

It was the third known data breach to hit T-Mobile’s servers in less than two years. In January, the company said similar customer information was stolen through a similar incident, and a phishing campaign against some T-Mobile employees in 2020 led to the theft of other customer-related information.

Get stories like these in your inbox, plus free breaking news alerts on business and policy matters involving media and tech.

Get stories like these in your inbox, plus free breaking news alerts on business and policy matters involving media and tech.

Photo of author

About the Author:

Matthew Keys

Matthew Keys is a nationally-recognized, award-winning journalist who has covered the business of media, technology, radio and television for more than 11 years. He is the publisher of The Desk and contributes to Know Techie, Digital Content Next and StreamTV Insider. He previously worked for Thomson Reuters, the Walt Disney Company, McNaughton Newspapers and Tribune Broadcasting.
Home » News » Industries » Security » T-Mobile affirms data breach involving, current, former customers