T-Mobile US Inc. said an investigation confirmed about 7.8 million current users had information stolen—along with more than 40 million records from past or prospective customers who’d applied for credit—in a cyberattack.
The stolen information included customers’ full names, dates of birth, Social Security numbers and IDs such as driver's licenses, the Bellevue, Washington-based company said in a statement on Wednesday. The hack doesn’t appear to have included credit card details or other financial information, it said.
The company said earlier this week that it was investigating claims that a widescale data breach had exposed customer details to hackers who were selling information online. The company is offering people affected by the attack two years of identity protection services and boosting security protocols on accounts that make it more difficult for fraudsters to take control.
Hackers gained access to a smaller number of prepaid accounts in an incident in 2019, which included names, billing addresses, phone numbers and account details. T-Mobile said at the time that it affected less than 1.5% of its customers and was quickly shut down.
T-Mobile’s shares were little changed in New York trading on Tuesday. The stock has gained 4.3% this year.