- One of the most comfortable earbuds I've tested also has some serious ANC (and they're only $150)
- The 30+ best anti-Amazon Spring Sale deals 2025: Walmart, Best Buy, Costco, and more
- I picked the 21+ best Amazon Spring Sale headphone deals
- The 23+ best Amazon Spring Sale deals under $50
- I never leave home without this charging accessory from Baseus (buy one while it's still on sale)
T-Mobile Confirms 49 Million Customers Hit by Data Breach
T-Mobile has admitted that threat actors have stolen personal information on 48.6 million current, former and prospective customers.
The US carrier revealed in a notice yesterday that the breach affected 7.8 million current T-Mobile post-paid customer accounts, over 40 million records of former or prospective customers who had applied for credit and 850,000 active T-Mobile prepaid customers.
Previous reports had claimed that over 100 million customers might have been hit after a threat actor offered customer records for sale on a hacking forum.
T-Mobile said its investigation is still ongoing, and it’s unclear for now how the compromise occurred. However, the firm claimed that the “highly sophisticated cyber-attack” did not affect customers’ financial information.
Compromised personal data of post-paid customers and those applying for credit is thought to have included first and last names, dates of birth, Social Security numbers (SSNs) and driver’s license/ID information.
For the 850,000 active T-Mobile prepaid customers affected by the attack, the hacker is thought to have obtained names, phone numbers and account PINs.
T-Mobile said it’s offering affected customers free identity protection services for two years and recommends post-paid customers change their PIN, even though these numbers are not thought to have been compromised. The firm said it’s also offering account takeover protection for post-paid customers.
Ian McShane, field CTO at Arctic Wolf, said he was skeptical of the phrase “highly sophisticated” given the multiple breaches affecting T-Mobile in recent years.
“The disclosure is of course the right thing to do ethically and legally, but now people need to be on guard against opportunistic phishing and smishing attempts that take advantage of this new incident,” he added.
“The free ‘ID Theft Protection Service’ will be of little comfort for those who have had their SSN and related personal information exposed. The onus is once again on the consumer to change PINs and passwords, and maybe even consider switching phone numbers, as so many services can be linked for authentication purposes.”
There are fears that affected customers may be particularly exposed to SIM swapping attacks, where criminals use stolen personal information to pose as customers. They then trick sales staff into transferring the victim’s phone number to a SIM under their control, effectively hijacking any calls or texts, including log-in authentication codes from banks and other providers.
