Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.


macrumors bot
Original poster
Apr 12, 2001

T-Mobile has issued a statement with further details about a cyberattack that the company confirmed earlier this week, confirming that the data breach included the personal information of almost 50 million current, former, and prospective customers.


Late last week, T-Mobile confirmed that a forum post that purported to offer data from more than 100 million people was the result of a company data breach. At that time, it was not known if personal customer data had been accessed, but T-Mobile has now confirmed that the stolen data included personal information, such as customer names, dates of birth, SSN, and identification such as driver's licenses. There is as yet no indication that the data contained information about customer financial or payment information.

Currently, the information of 7.8 million current T-Mobile customers is believed to have been stolen, as well as information of over 40 million former or prospective customers. The company has been able to confirm that approximately 850,000 active T-Mobile prepaid customer names, phone numbers, and account PINs were also exposed, leading the company to proactively reset all of these PINs.

Customers are due to be contacted shortly with the news that T-Mobile will immediately offer two years of free identity protection services with McAfee's ID Theft Protection Service, implement an additional step to protect mobile accounts with Account Takeover Protection, and publish a new web page for information and solutions for customers to further protect themselves. Customers will also be encouraged to change their account's PIN. T-Mobile's investigation into the data breach is ongoing.

Article Link: T-Mobile Data Breach Included Personal Information of Almost 50 Million Customers
Last edited:

The Cappy

macrumors 6502a
Nov 9, 2015
Dunwich Fish Market
Can someone explain to me why they are keeping 40 million former customer’s and prospective customer’s information? Especially SSNs?
Customer data including SSNs was accessed and prospective customer data was accessed. That doesn’t mean prospective customer data included SSNs. Former customer data though… quite possibly they kept the data and just unchecked the box marked “current subscriber.”


macrumors newbie
Aug 22, 2011
Seems to me that once they have checked you credit and you have an account, there is no reason form them to keep your personal data on file. They should just assign you a customer number, which would be your phone number, and then let you create a password and that is the only way in to your account.


macrumors member
Jun 17, 2009
FFS, why didn't they encrypt all that data? What kind of security amateurs do they employ?
It very well could have been encrypted. However one inappropriately developed and subsequently stolen piece of source code would get right around that encryption.

Encryption is only good for security if the method of decryption isn't compromised as well.


macrumors 6502a
Jun 23, 2010
Still wondering how this effects sprint users :rolleyes:
Sprint was so **** up in my experience.
Someone @ sprint was able to create a user profile with my info (but obv not all of it is correct as it wasn’t authorized aka wasn’t me) but they did have my old ssn from previous account w/them. Hit my credit report as a delinquency. Had to dispute and luckily was successful.


macrumors 68000
Jul 6, 2012
Wow they got the whole caboodle of info you can get.

Seeing the number of 50 million, not 50k mentioned in the article. Which would seem to be most of T's U.S. customer base.

As for why this happens over and over, its because there's no serious penalties for the companies and their executives when this happens. So the cost isn't high enough for them to spend the money....(its always that)


macrumors 604
Dec 19, 2004
Maybe it's time the government develops a system for one time use keys for social security numbers. So, when companies want to do credit checks or background checks. It's only good for that one check and they don't get a persons real SSN permanently.

Perhaps for the purposes of credit. People can generate two keys. One being a one time use for a credit check. The second only able to send updates. Such as credit limits, usage, missed payments, &c. But is not possible to use for any new credit checks, lines of credit, &c.

That way people won't have to reveal their SSN. This could also be applied to employers, 1099 wages and so forth. They don't need your SSN. An alphanumeric key only good for reporting wages and such is all they need. As it would be keyed to your SSN.

Basically a system which minimizes the number of sources with your actual SSN. While still allowing checks and reporting. With random keys which have a limited scope of usage.


macrumors 6502
Jan 30, 2007
How about these companies actually lift a finger to secure this data before it gets exposed?
I suspect it was. However software and IT systems are created by humans and still fallible. These things will continue to happen.
What needs to happen is the passage of laws that when this data does leak the company is held responsible and the repercussions based on the severity of the information. ie, for each customer name that is leaked it’s a $10k fine and for each SSN it’s $1M. This will encourage companies to keep only the necessary data on customers or risk getting hit hard. I’m sure I already have another year or so of identity monitoring from a previous leak from some other company. This is a drop in the bucket compared to the potential damage caused.
  • Like
Reactions: SqlInjection


Jan 13, 2020
WOW! these guys using insecure Windows Servers tied to the Internet to keep their data on?
Or the better option LINUX!

I would always use LINUX servers in mission critical DATA.

Windows 10 and 11 client are great to use not connected to the internet.

But Windows Server is so insecure. I would never trust it to host large valuable data on the internet.

LINUX RULES for Mission Critical servers. UNIX even better !! BSD UNIX AWESOME.
Last edited:


Nov 9, 2013
I’ve had T-mobile service for a decade now, and this is at least the third time this has happened in the past few years! I hate Verizon and AT&T too much to switch to those vultures. Besides, in this day and time it is pretty common to see companies experiencing these breeches. A few years ago the US government had some of their employees data breeched too. I had worked for the US gov't twice in the past, and they notified me of my information being breeched. Since then I keep my credit reporting accounts closed down to help against identity theft. I only open them up briefly if I need to apply for credit. Tis the world we live in these days...
  • Like
Reactions: NoGood@Usernames
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.