Today, T-Mobile shared another press release about its recent security breach. In today’s release, T-Mobile finally acknowledged that customers’ personal data was definitely compromised.
T-Mobile shared details about the scope of the breach:
Our preliminary analysis is that approximately 7.8 million current T-Mobile postpaid customer accounts’ information appears to be contained in the stolen files, as well as just over 40 million records of former or prospective customers who had previously applied for credit with T-Mobile.
While sensitive information was compromised, it looks like financial details, including credit card numbers, were safe:
We have no indication that the data contained in the stolen files included any customer financial information, credit card information, debit or other payment information…Some of the data accessed did include customers’ first and last names, date of birth, SSN, and driver’s license/ID information.
My biggest question now is whether T-Mobile has a good justification for keeping former customers’ SSNs on file.