More than 40 million T-Mobile customers have been affected by a data breach, the company has now confirmed.
The company said it was “taking immediate steps to help protect all of the individuals who may be at risk from this cyberattack”.
It blamed the breach on a “highly sophisticated cyberattack”.
The firm also acknowledged that while criminals stole personal information, no financial details were leaked as a result.
The telecom giant confirmed that hackers had gained access to its systems on Monday.
The breach only came to light following online reports last weekend that criminals were attempting to sell a large database containing T-Mobile customer data.
“Late last week we were informed of claims made in an online forum that a bad actor had compromised T-Mobile systems,” it said.
“We immediately began an exhaustive investigation into these claims and brought in world-leading cybersecurity experts to help with our assessment.
“We then located and immediately closed the access point that we believe was used to illegally gain entry to our servers.”
In a statement, the company revealed that their investigations confirmed that more than 7.8 million current T-Mobile postpaid customer accounts’ information were in the stolen files and over 40 million records of former or prospective customers were also impacted by the breach.
T-Mobile revealed that 850,000 active prepaid customer names and account PINs were also exposed but the company has since reset all of the PINs on those accounts in order to protect its customers from further harm.
It added that no phone numbers, account numbers, passwords or financial information were compromised in any of the files of customers and prospective customers.
“While our investigation is ongoing, we wanted to share these initial findings even as we may learn additional facts through our investigation that cause the details above to change or evolve.”
“We take our customers’ protection very seriously and we will continue to work around the clock on this forensic investigation to ensure we are taking care of our customers in light of this malicious attack,” they added.
In 2015, hackers stole the personal information of 15 million T-Mobile customers and potential customers in the US. It is unclear yet whether former UK clients have been also affected by this data breach.
In 2012, T-Mobile UK was rebranded as EE and then sold to BT in 2016 for more than £12 billion.
