Arrow-right Camera
The Spokesman-Review Newspaper

The Spokesman-Review Newspaper The Spokesman-Review

Spokane, Washington  Est. May 19, 1883
Clear Day 90° Clear
News >  Business

Data of more than 40 million exposed in T-Mobile breach

Aug. 18, 2021 Updated Wed., Aug. 18, 2021 at 3:35 p.m.

A T-Mobile store is shown at a shopping mall in Pittsburgh on Feb. 24. A hack of T-Mobile that compromised the user data 50 million customers leveraged a router in East Wenatchee, Wash.  (Associated Press)
A T-Mobile store is shown at a shopping mall in Pittsburgh on Feb. 24. A hack of T-Mobile that compromised the user data 50 million customers leveraged a router in East Wenatchee, Wash. (Associated Press)
Associated Press

NEW YORK — The names, Social Security numbers and information from driver’s licenses or other identification of just more than 40 million former and prospective customers that applied for T-Mobile credit were exposed in a recent data breach, the company said Wednesday.

The same data for about 7.8 million current T-Mobile postpaid customers appears to be compromised. No phone numbers, account numbers, PINs, passwords, or financial information from the nearly 50 million records and accounts were compromised, it said.

T-Mobile also confirmed that approximately 850,000 active T-Mobile prepaid customer names, phone numbers and account PINs were exposed.

The company said that it proactively reset all of the PINs on those accounts. No Metro by T-Mobile, former Sprint prepaid, or Boost customers had their names or PINs exposed.

There was also some additional information from inactive prepaid accounts accessed through prepaid billing files. T-Mobile said that no customer financial information, credit card information, debit or other payment information or Social Security numbers were in the inactive file.

The announcement comes two days after T-Mobile said that it was investigating a leak of its data after someone took to an online forum offering to sell the personal information of cellphone users.

The company said Monday that it had confirmed there was unauthorized access to “some T-Mobile data” and that it had closed the entry point used to gain access.

The company said that it will immediately offer two years of free identity protection services and is recommending that all of its postpaid customers change their PIN. Its investigation is ongoing.

T-Mobile, which is based in Bellevue, Washington, became one of the country’s largest cellphone service carriers, along with AT&T and Verizon, after buying rival Sprint.

T-Mobile has previously disclosed a number of data breaches over the years, including in Nov. 2019 and Aug. 2018, both of which involved unauthorized access to customer information.

In 2015, hackers stole personal information belonging to about 15 million T-Mobile wireless customers and potential customers in the U.S., which they obtained from credit reporting agency Experian.

The Spokesman-Review Newspaper

Local journalism is essential.

Give directly to The Spokesman-Review's Northwest Passages community forums series -- which helps to offset the costs of several reporter and editor positions at the newspaper -- by using the easy options below. Gifts processed in this system are not tax deductible, but are predominately used to help meet the local financial requirements needed to receive national matching-grant funds.

Active Person

Subscribe now to get breaking news alerts in your email inbox

Get breaking news delivered to your inbox as it happens.