T-Mobile said Friday that the data breach it disclosed earlier this week affected significantly more people than initially believed.
In a filing with the Securities and Exchange Commission, the carrier said an additional 5.3 postpaid accounts and 850,000 active T-Mobile prepaid accounts were affected. This brings the total number of affected consumers to more than 54 million.
On Wednesday, the company confirmed that hackers were able to access data on 7.8 million of its postpaid customers, along with the records of 40 million former and prospective customers.
Information stolen included customers’ first and last names, dates of birth, Social Security numbers, and driver’s license/ID information. In its latest filing with the SEC, the carrier said phone numbers and IMEI and IMSI details (identifiers for mobile devices and SIM cards respectively) were also compromised.
Mitigating the impact
T-Mobile maintained that it has "no indication" that affected customers’ financial details were exposed. The company said its investigation into the breach is ongoing, and more details will be provided as they’re uncovered.
T-Mobile emphasized that it’s "confident” that it has successfully “closed off the access and egress points the bad actor used in the attack.”
The company said it has notified affected account holders and taken steps to safeguard accounts. Customers who think they may have been affected are being offered two years of identity protection services.
Although no accounts PINs were compromised, T-Mobile has recommended that all postpaid customers proactively change their PIN by going online into their T-Mobile account or calling the Customer Care team by dialing 611 on their phone.