T-Mobile US Inc. said it suffered an intrusion into a company database and was investigating the extent of the breach, after personal data on some of its wireless subscribers was found for sale on the web.
The company, which has more than 100 million subscribers, said Monday that “unauthorized access to some T-Mobile data occurred” but that it hadn’t determined whether personal information was involved.
“We are confident that the entry point used to gain access has been closed, and we are continuing our deep technical review of the situation across our systems to identify the nature of any data that was illegally accessed,” the company said. “This investigation will take some time but we are working with the highest degree of urgency.”
The data breach, reported earlier by Vice’s Motherboard tech news website, was said to cover customers’ names, addresses, Social Security numbers and drivers-license details.
As of June, T-Mobile served about 84 million connections, including cellphones, mobile hotspots and other devices, through more than 26 million postpaid accounts. Cellphone carriers typically run a credit check on customers with postpaid plans, which bill subscribers for service after it is rendered. T-Mobile and its Metro brand serve another 21 million connections under prepaid voice and data plans that don’t require a credit check.