T-Mobile today confirmed at least 5.3 million more customers are affected in its most recent data breach, the details of which have been emerging since it confirmed the attack on Aug. 16.
Earlier this week, T-Mobile revealed data from approximately 7.8 million current T-Mobile postpaid customer accounts was compromised in the attack. This included their first and last names, dates of birth, Social Security numbers, and driver’s license/ID information. In addition, data from about 40 million former or prospective T-Mobile customers was exposed, including first and last names, dates of birth, SSNs, and driver’s license/ID information.
Now the company has also determined phone numbers, as well as IMEI and IMSI information – the usual identifying numbers associated with mobile phones – were also compromised. It also reports the attacker accessed 5.3 million current postpaid customer accounts that had one or more associated customer names, addresses, dates of birth, phone numbers, and IMEI and IMSI. Officials note the additional accounts didn’t have their SSN or driver’s license/ID data exposed.
Today’s updates also reveal an additional 667,000 accounts of former T-Mobile customers were accessed, exposing information including customer names, phone numbers, addresses, and dates of birth. These accounts also did not have SSN or driver’s license/ID information exposed.
Separately, additional stolen data files include phone numbers, IMEI, and IMSI numbers, but no personally identifiable information, they add.
“We continue to have no indication that the data contained in any of the stolen files included any customer financial information, credit card information, debit or other payment information,” T-Mobile says in a statement.
Read the full release for more details.