As a part of its ongoing knowledge breach investigation, T-Mobile has confirmed the enormity of the stolen info. Roughly 47.8 million present and former or potential prospects have been affected by the cyberattack on its programs, the provider confirmed on Wednesday. Of that quantity, about 7.8 million are present T-Mobile postpaid accounts and the remainder are prior or potential customers who had utilized for credit score, the corporate added in a press release. 

Worryingly, the information contains some private info together with the primary and final names, date of start, SSN, and driver’s license/ID info for a “subset of customers.” So far, T-Mobile mentioned it doesn’t have any indication that the stolen information comprise cellphone numbers, account numbers, passwords or monetary info.

What’s extra, the corporate mentioned about 850,000 energetic T-Mobile pay as you go prospects additionally had their names, cellphone numbers and account PINs uncovered. The affected customers don’t embody Metro by T-Mobile, former Sprint pay as you go, or Boost customers and T-Mobile mentioned it has reset the PINs on these accounts. In addition, it claimed that “some additional information” from inactive pay as you go accounts was accessed by way of pay as you go billing information.

The findings from the provider’s preliminary evaluation come simply days after it was notified of an information breach. Initially, it was reported {that a} member of an underground discussion board claimed to have obtained the information for over 100 million T-Mobile prospects. The perpetrator was reportedly promoting info of about 30 million T-Mobile prospects for about $270,000 in Bitcoin. 

As a part of its compensation and mitigation efforts, T-Mobile is providing affected prospects two years of McAfee’s ID Theft Protection Service; recommending all postpaid customers change their PIN; and establishing a web based useful resource web page. T-Mobile mentioned that it started coordination with legislation enforcement on Tuesday as its investigation into the information breach — the third such assault it has suffered previously two years — continues.