40 million US T-Mobile customers hit by data breach

A “highly sophisticated cyberattack” has stolen the information of 40 million T-Mobile customers in the US.

T-Mobile has announced that it had experienced a data breach, compromising the data of 40 million customers. The telecommunications provider described the breach as a “highly sophisticated cyberattack.” It said it is “taking immediate steps to help protect all individuals who may be at risk from this cyberattack”. It only identified the attack after online reports released last weekend of criminals attempting to sell a large database comprising T-Mobile customer information.

“Late last week, we were informed of claims made in an online forum that a bad actor had compromised T-Mobile systems,” it said.

“We immediately began an exhaustive investigation into these claims and brought in world-leading cybersecurity experts to help with our assessment.

“We then located and immediately closed the access point that we believe was used to illegally gain entry to our servers.”

T-Mobile has emphasised that the financial details of the customers were not leaked in the breach. It has identified that the following data was compromised:

  • 7.8 million current postpaid customer accounts’ information.
  • 40 million records of old and prospective customers. 
  • The names, phone numbers, account numbers and PINs of 850,000 active prepaid customers.

T-Mobile has said that it has reset all account PINs to protect those affected. It also emphasised that no phone numbers, account numbers, PINs, passwords, or financial information of prospective customers were compromised.

“We take our customers’ protection very seriously and we will continue to work around the clock on this forensic investigation to ensure we are taking care of our customers in light of this malicious attack,” the company said.

“While our investigation is ongoing, we wanted to share these initial findings even as we may learn additional facts through our investigation that cause the details above to change or evolve.”


This is the second major attack on the network provider. Hackers previously stole the information of 15 million current and potential T-Mobile customers in 2015. It has yet to be confirmed if former T-Mobile customers in the UK have been included in the breach.

For more news from Top Business Tech, don’t forget to subscribe to our daily bulletin!

Follow us on LinkedIn and Twitter

How to defend against Active Directory attacks that leave no...

Amber Donovan-Stevens • 16th September 2021

Cybercriminals are using new tactics and techniques to gain access to Active Directory in novel ways, making their attacks even more dangerous—and more necessary to detect. This article will explore a few types of attacks have been seen in the wild that leave no discernable trail or, at least, any evidence of malicious activity, explains...

8th worst in Europe: Cybersecurity for UK business

Amber Donovan-Stevens • 10th September 2021

In the article, Hayley Kershaw, AdvanceFirst Technologies, analyses the data from recent research to identify successful cybersecurity practices from countries achieving the top-ranking and how, with the UK’s commitment to cybersecurity, businesses can improve.

Join our webinar on 28th September: How the digital nomad generation influences business behaviour