Data on nearly 8 million T-Mobile customers was stolen by a hacker, the company said late Tuesday.
A preliminary analysis also signaled that information on just over 40 million additional people who applied for credit from T-Mobile was also stolen.
No phone numbers, account numbers, PINs, passwords, or financial information was compromised for most people, according to the company. However, the phone numbers, account PINS, and names of about 850,000 prepaid customers were exposed.
The discovery came after a hacker claimed in an online forum this month that they had stolen data from T-Mobile.
The company became aware of the claim and launched an investigation.
Cybersecurity experts tapped by T-Mobile identified an access point believed to be used by the hacker and closed it.
This week, experts verified that some data was accessed by hackers, and began coordinating with law enforcement.
“While our investigation is still underway and we continue to learn additional details, we have now been able to confirm that the data stolen from our systems did include some personal information,” the company said.
The stolen data includes customer names, dates of birth, social security numbers, and driver’s license information.
T-Mobile is now offering two years of free identity protection services and plans to publish a webpage soon that includes recommendations for what current, former, and prospective customers should do in the wake of the breach.
For now, the company recommends all T-Mobile customers change their PINS. T-Mobile already reset the PINS for the prepaid customer accounts that were exposed.
A person who identified themselves as the seller of the hacked information told Vice News that they had data for over 100 million people from T-Mobile servers.
The seller was asking for 6 bitcoin for the hacked data. Bitcoin are currently selling for about $45,100 each.
T-Mobile data have been exposed before. A breach at Experian, a credit bureau, left Social Security numbers and other information for approximately 15 million people who applied for credit from T-Mobile exposed.