Become a MacRumors Supporter for $25/year with no ads, private forums, and more!

MacRumors

macrumors bot
Original poster
Apr 12, 2001
54,621
16,765


T-Mobile has issued a statement with further details about a cyberattack that the company confirmed earlier this week, confirming that the data breach included the personal information of almost 50 million current, former, and prospective customers.

tmobilelogo.jpg

Late last week, T-Mobile confirmed that a forum post that purported to offer data from more than 100 million people was the result of a company data breach. At that time, it was not known if personal customer data had been accessed, but T-Mobile has now confirmed that the stolen data included personal information, such as customer names, dates of birth, SSN, and identification such as driver's licenses. There is as yet no indication that the data contained information about customer financial or payment information.

Currently, the information of 7.8 million current T-Mobile customers is believed to have been stolen, as well as information of over 40 million former or prospective customers. The company has been able to confirm that approximately 850,000 active T-Mobile prepaid customer names, phone numbers, and account PINs were also exposed, leading the company to proactively reset all of these PINs.

Customers are due to be contacted shortly with the news that T-Mobile will immediately offer two years of free identity protection services with McAfee's ID Theft Protection Service, implement an additional step to protect mobile accounts with Account Takeover Protection, and publish a new web page for information and solutions for customers to further protect themselves. Customers will also be encouraged to change their account's PIN. T-Mobile's investigation into the data breach is ongoing.

Article Link: T-Mobile Data Breach Included Personal Information of Almost 50 Million Customers
 
Last edited:

The Cappy

macrumors 6502
Nov 9, 2015
465
819
Dunwich Fish Market
Can someone explain to me why they are keeping 40 million former customer’s and prospective customer’s information? Especially SSNs?
Customer data including SSNs was accessed and prospective customer data was accessed. That doesn’t mean prospective customer data included SSNs. Former customer data though… quite possibly they kept the data and just unchecked the box marked “current subscriber.”
 

rpt777

macrumors newbie
Aug 22, 2011
9
15
Seems to me that once they have checked you credit and you have an account, there is no reason form them to keep your personal data on file. They should just assign you a customer number, which would be your phone number, and then let you create a password and that is the only way in to your account.
 

MikeVarney

macrumors member
Jun 17, 2009
55
47
FFS, why didn't they encrypt all that data? What kind of security amateurs do they employ?
It very well could have been encrypted. However one inappropriately developed and subsequently stolen piece of source code would get right around that encryption.

Encryption is only good for security if the method of decryption isn't compromised as well.
 

rainafterthesun

macrumors 6502a
Jun 23, 2010
796
944
Still wondering how this effects sprint users :rolleyes:
Sprint was so **** up in my experience.
Someone @ sprint was able to create a user profile with my info (but obv not all of it is correct as it wasn’t authorized aka wasn’t me) but they did have my old ssn from previous account w/them. Hit my credit report as a delinquency. Had to dispute and luckily was successful.
 

Sasparilla

macrumors 68000
Jul 6, 2012
1,688
2,846
Wow they got the whole caboodle of info you can get.

Seeing the number of 50 million, not 50k mentioned in the article. Which would seem to be most of T's U.S. customer base.

As for why this happens over and over, its because there's no serious penalties for the companies and their executives when this happens. So the cost isn't high enough for them to spend the money....(its always that)
 

velocityg4

macrumors 603
Dec 19, 2004
6,434
3,407
Georgia
Maybe it's time the government develops a system for one time use keys for social security numbers. So, when companies want to do credit checks or background checks. It's only good for that one check and they don't get a persons real SSN permanently.

Perhaps for the purposes of credit. People can generate two keys. One being a one time use for a credit check. The second only able to send updates. Such as credit limits, usage, missed payments, &c. But is not possible to use for any new credit checks, lines of credit, &c.

That way people won't have to reveal their SSN. This could also be applied to employers, 1099 wages and so forth. They don't need your SSN. An alphanumeric key only good for reporting wages and such is all they need. As it would be keyed to your SSN.

Basically a system which minimizes the number of sources with your actual SSN. While still allowing checks and reporting. With random keys which have a limited scope of usage.
 

mzeb

macrumors regular
Jan 30, 2007
231
310
How about these companies actually lift a finger to secure this data before it gets exposed?
I suspect it was. However software and IT systems are created by humans and still fallible. These things will continue to happen.
What needs to happen is the passage of laws that when this data does leak the company is held responsible and the repercussions based on the severity of the information. ie, for each customer name that is leaked it’s a $10k fine and for each SSN it’s $1M. This will encourage companies to keep only the necessary data on customers or risk getting hit hard. I’m sure I already have another year or so of identity monitoring from a previous leak from some other company. This is a drop in the bucket compared to the potential damage caused.
 
  • Like
Reactions: SqlInjection

Freeangel1

Suspended
Jan 13, 2020
751
1,099
WOW! these guys using insecure Windows Servers tied to the Internet to keep their data on?
Or the better option LINUX!

I would always use LINUX servers in mission critical DATA.

Windows 10 and 11 client are great to use not connected to the internet.

But Windows Server is so insecure. I would never trust it to host large valuable data on the internet.

LINUX RULES for Mission Critical servers. UNIX even better !! BSD UNIX AWESOME.
 
Last edited:

w5jck

macrumors 6502a
Nov 9, 2013
650
892
I’ve had T-mobile service for a decade now, and this is at least the third time this has happened in the past few years! I hate Verizon and AT&T too much to switch to those vultures. Besides, in this day and time it is pretty common to see companies experiencing these breeches. A few years ago the US government had some of their employees data breeched too. I had worked for the US gov't twice in the past, and they notified me of my information being breeched. Since then I keep my credit reporting accounts closed down to help against identity theft. I only open them up briefly if I need to apply for credit. Tis the world we live in these days...
 
  • Like
Reactions: NoGood@Usernames
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.