Security News > 2021 > August > Un-carrier? Definitely Unsecure: T-Mobile US admits 48m customers' details stolen after downplaying reports

T-Mobile US has begun admitting to the theft of 100 million user accounts in stages, confessing overnight that 8 million people's personal details had been stolen from its servers.

In a statement the American mobile operator said: "Yesterday, we were able to verify that a subset of T-Mobile data had been accessed by unauthorized individuals. We also began coordination with law enforcement as our forensic investigation continued."

At the time, two days ago, T-Mobile confirmed to The Register: "We have determined that unauthorized access to some T-Mobile data occurred, however we have not yet determined that there is any personal customer data involved."

Around 850,000 PAYG customers have, so far, been confirmed by the mobile network operator to have had their names, numbers, and online account PINs compromised.

"No Metro by T-Mobile, former Sprint prepaid, or Boost customers had their names or PINs exposed," said T-Mobile in its statement.

Data stolen by criminals included customers' first and last names, date of birth, social security numbers, and "Driver's license/ID information for a subset of current and former Postpay customers and prospective T-Mobile customers." Postpay is the American term for a standard mobile phone contract, contrasting with pre-paid/pay-as-you-go.

News URL

https://go.theregister.com/feed/www.theregister.com/2021/08/18/t_mobile_us_admits_hack_48m_users/