T-Mobile data breach: More than 50 million people now affected

The company is reportedly now facing a class-action lawsuit, according to papers filed in a Washington court and seen by Vice.

Katie Collins Senior European Correspondent
Katie a UK-based news reporter and features writer. Officially, she is CNET's European correspondent, covering tech policy and Big Tech in the EU and UK. Unofficially, she serves as CNET's Taylor Swift correspondent. You can also find her writing about tech for good, ethics and human rights, the climate crisis, robots, travel and digital culture. She was once described a "living synth" by London's Evening Standard for having a microchip injected into her hand.
Katie Collins
2 min read

T-Mobile issued the update on Wednesday.

Jakub Porzycki/NurPhoto via Getty Images

The fallout from T-Mobile's latest data breach is going from bad to worse. In an update issued Friday, the mobile carrier reported that hackers had illegally accessed one or more associated customer names, addresses, dates of birth, phone numbers, IMEIs and IMSIs of 5.3 million current postpaid customers. T-Mobile also said it had identified an additional 667,000 accounts of former customers that were accessed, with customer names, phone numbers, addresses and dates of birth compromised.

See also: How to protect your personal data after a breach

The new numbers push the total number of people affected by the breach past the 50 million mark.

T-Mobile noted that in its most batch of discoveries, affected customers' driver's license details and Social Security numbers weren't illegally accessed.

On Wednesday, the company said in a post that the personal data of more than 40 million customers was stolen by hackers. The data, which belonged to former and prospective customers, included names, dates of birth, driver's license details and Social Security numbers. 

In addition, the company said that the hackers had swiped data belonging to approximately 7.8 million current postpaid customers. It also confirmed that 850,000 active T-Mobile prepaid customer names, phone numbers and account PINs were exposed.

Vice reported Friday that the company is now facing a class-action lawsuit over the breach, based on papers filed in a Washington court.

Watch this: T-Mobile data breach: What you need to know

The breach, which was first reported Sunday, is one of at least four to hit the mobile carrier since 2015. On this occasion, Vice reported that a seller on an underground forum was offering to sell the customer data for 6 Bitcoin (approximately $277,000). T-Mobile later confirmed it had been the victim of a cyberattack, and has now been investigating how many customers were affected for several days.

The company said in a press release at the time that it was taking immediate steps to help protect affected customers and has been coordinating with law enforcement.

"We take our customers' protection very seriously and we will continue to work around the clock on this forensic investigation to ensure we are taking care of our customers in light of this malicious attack," said the company. "While our investigation is ongoing, we wanted to share these initial findings even as we may learn additional facts through our investigation that cause the details above to change or evolve."