T-Mobile said Wednesday that data from 40 million former and prospective customers was compromised by hackers as part of a recent breach of the telecom giant.
The company noted that records of 7.8 million current customers were included in the stolen data, including customer names, dates of birth, Social Security numbers and driver’s license information.
T-Mobile stressed that no financial information, such as account numbers and PINs, were compromised.
The confirmation of the cyberattack came days after Motherboard reported that T-Mobile was investigating an online forum post that claimed records of up to 100 million people had been stolen as a result of an attack on the company’s servers.
According to Motherboard, the hacker involved was actively selling the data for millions of dollars in bitcoin through an underground forum.
T-Mobile noted Wednesday that it had begun investigating the claims that customer data had been compromised following the initial reports and that once it had confirmed that data had been stolen it notified law enforcement.
The company is currently in the process of notifying impacted individuals of the cyberattack and will offer two years of free identity protection services, along with creating a website to serve as a resource for tips to recover from a potential breach.
T-Mobile is also recommending that all postpaid customers change their PINs, confirming that 850,000 active T-Mobile prepaid customer names, phone numbers and account PINs had been breached.
“We take our customers’ protection very seriously and we will continue to work around the clock on this forensic investigation to ensure we are taking care of our customers in light of this malicious attack,” the company wrote in a statement Wednesday. “While our investigation is ongoing, we wanted to share these initial findings even as we may learn additional facts through our investigation that cause the details above to change or evolve.”
The breach comes amid a year of escalating cyberattacks on major U.S. companies and critical infrastructure that have seen thousands of private sector companies potentially compromised.
These have included the SolarWinds hack, discovered in December, which involved Russian hackers compromising nine U.S. federal agencies and 100 private sector groups, along with the exploitation of vulnerabilities in Microsoft’s Exchange Server application earlier this year, which saw thousands of groups potentially compromised.