T-Mobile has shared preliminary findings from their investigation into the recent data breach incident.
According to an updated blog post from T-Mobile Newsroom, T-Mobile has confirmed that a “subset of T-Mobile data had been access by unauthorized individuals”. It appears there are two separate groups of affected customers: Postpaid and Prepaid.
47.8 Million Postpaid Customers
The first group affected is a set of active and former/prospective postpaid customers. 7.8 million of them are active postpaid customers, while a remaining 40 million are former or prospective customers who had previously provided info to T-Mobile for credit checks.
They state that there is no indication that the data contained in the stolen files included any customer financial or payment information whatsoever. They did however contain some personal info, including first and last names, dates of birth, Social Security Numbers, and driver’s license information.
T-Mobile is clear that no phone numbers, account numbers, PINs, passwords, or financial information was included in this part of the breach.
T-Mobile is taking the following steps to mitigate the issue:
- Offering 2 years of free identity protection services via McAfee’s ID Theft Protection Service
- Recommending all postpaid customers change their PINs, even though there is no indication PINs were leaked
- Offering an “extra step to protect your mobile account with our Account Takeover Protection capabilities”
T-Mobile has created a one-stop webpage for info and solutions about the breach here: https://www.t-mobile.com/brand/data-breach-2021
It’s unclear what T-Mobile’s “Account Takeover Protection capabilities” are, but it could potentially refer to the hidden NOPORT and NOSWAP features. Those features actively lock and prevent porting out numbers from accounts and SIM card swaps, respectively. NOPORT and NOSWAP were previously only available to customers that had already been previously attacked, and has been a highly requested feature of the tech savvy T-Mobile customer for a while now.
850K+ Prepaid Customers
The second group affected by this data breach is a set of 850,000 active T-Mobile prepaid customers. Importantly, this only includes customers with T-Mobile branded prepaid plans, and not Metro by T-Mobile, Sprint prepaid, or Boost customers.
The affected prepaid customers appear to have had their names, phone numbers, and account PINs exposed. T-Mobile states they have already reset all PINs on these accounts and will be informing affected customers immediately.
T-Mobile also states that another set of inactive prepaid accounts were accessed as well, though the number of affected accounts in this category is not shared. These customers had their info accessed “through prepaid billing files”. Neither financial/payment info nor SSN info was breached in this file. It’s not clear what info exactly was taken from these affected inactive accounts.
Overall, it appears the original tally of 100 million affected customers was a bit of an exaggeration. It also appears the type of data breached was less severe than originally thought. That being said, having almost 50 million customer accounts affected by a data breach is still massive.
Visit this link to see T-Mobile’s dedicated one-stop info page for this breach.