T-Mobile has confirmed that criminals stole the personal information of more than 40 million current and former customers, although it states no financial details were leaked as a result.
The breach was only discovered by the US-based company following reports that criminals were attempting to sell a large database containing its customer data online.
Although T-Mobile cautioned that it had “no indication” any financial information, including credit or debit card details, was contained in the stolen files, it confirmed that personal data was lost.
“While our investigation is still underway and we continue to learn additional details, we have now been able to confirm that the data stolen from our systems did include some personal information,” the company stated.
Among the data accessed was “customers’ first and last names, date of birth, SSN, and driver’s license/ID information”.
The company’s initial analysis indicates that approximately 7.8 million current customers are affected by the breach, as well as 40 million former and prospective customers “who had previously applied for credit with T-Mobile”.
It is not yet clear if customers affected by the breach are solely based in the US.
The company’s UK brand, T-Mobile UK, was rebranded as EE in 2012 and sold to BT in 2016 for over £12bn.
Hackers previously stole the personal information relating to 15 million T-Mobile customers and potential customers in the US in 2015.
The company has not explained how the customer information was stolen in this instance, although it described the hack as a “highly sophisticated cyberattack”.
Despite this, the company added it “located and immediately closed the access point that we believe was used to illegally gain entry to our servers”.
T-Mobile US is listed on the New York Stock Exchange where its share price has dropped by more than 2.5% in the past five days.