T-Mobile says thousands and thousands extra folks have been impacted by its than initially believed. In a Securities and Exchange Commission submitting, the corporate a further 6 million or so accounts have been affected, taking the overall to greater than 54 million.

On Wednesday, T-Mobile that information from round 40 million former or potential clients had been compromised in a cyberattack. The information included names, delivery dates, social safety numbers, driver’s licenses and knowledge from different sorts of identification. The firm now says one other 667,000 accounts of former clients have been accessed, with attackers acquiring some private information from these, however no SSNs or ID particulars.

In the earlier disclosure, T-Mobile stated roughly 7.8 million present holders of T-Mobile postpaid accounts have been impacted, with attackers gaining not less than some clients’ private information. The firm now says cellphone numbers and IMEI and IMSI particulars (identifiers for cell units and SIM playing cards respectively) have been compromised as properly.

On prime of that, T-Mobile has recognized one other 5.3 million affected postpaid accounts. No SSNs or driver’s license/identification particulars have been compromised from these, the corporate stated, however the attackers accessed different identifiable info.

Around 850,000 energetic T-Mobile pay as you go clients have been impacted as properly. The attackers might have garnered as much as 52,000 names related to present Metro by T-Mobile accounts too. Accounts of former Sprint pay as you go and Boost Mobile clients are unaffected.

Other information was stolen within the cyberattack, together with extra cellphone numbers and IMEI and IMSI numbers, however the firm claims there was no personally identifiable info in these recordsdata. Meanwhile, T-Mobile nonetheless has “no indication” that buyer monetary particulars, corresponding to bank card information, have been affected.

A member of an underground discussion board to have information for greater than 100 million T-Mobile clients. They reportedly tried to promote info of round 30 million of these for about $270,000 value of Bitcoin.

T-Mobile’s investigation into the breach is ongoing and it’ll present extra particulars if it finds extra affected accounts. The firm says it is “confident that we have closed off the access and egress points the bad actor used in the attack” and that it has taken steps to mitigate the impression on clients. For occasion, it has provided two years of identification safety service to anybody who thinks they may have been affected.