T-Mobile Says 6 Million More Customer Files Accessed in Data Breach

Advertisements



T-Mobile US Inc. said the hack of its user database exposed an additional six million customers’ details, bringing the total number of compromised user records to more than 54 million as the carrier continues to investigate the extent of the intrusion.

In an update Friday, the company said 5.3 million more current T-Mobile accounts had their names, addresses, birth dates and phone numbers exposed, though their Social Security numbers or driver’s license details weren’t included. The company also identified a further 667,000 former clients who had some personal information compromised.

T-Mobile also said the hack accessed IMEI and IMSI data—serial numbers tied to phones—from current customers. These phone records were taken from the 5.3 million accounts as well as 7.8 million customers that T-Mobile had identified as victims earlier this week. The Bellevue, Wash., company didn’t disclose the number of people tied to those accounts. The average account covers more than one phone line.

Security researchers said the phone-specific serial numbers, when paired with other personal information, could prove particularly damaging in the hands of criminals who use the data to commit fraud. Attackers with information about a person’s subscriber identity module, or SIM, can use the information to impersonate a victim and take over his or her phone line.

“Our investigation is ongoing and will continue for some time, but at this point, we are confident that we have closed off the access and egress points the bad actor used in the attack,” the company said.



Source link