T-Mobile US Inc said on Wednesday an investigation into a data breach revealed that personal data, including social security numbers and driver’s license information, of more than 40 million former and prospective customers was stolen.
The stolen files also included data from 7.8 million existing T-Mobile wireless customers.
Dates of birth, first and last names were also stolen, the telecom services provider said, adding there was no indication of their financial details being compromised.
The company, which had 104.8 million customers as of June, acknowledged the data breach on Sunday after U.S.-based digital media outlet Vice first reported that a seller had posted on an underground forum offering for sale some private data, including social security numbers from a breach at T-Mobile servers.
Vice said the seller claimed that 100 million people had their data compromised in the breach. The seller was offering data on 30 million people for 6 bitcoin, or around $270,000.
Reports later suggested that the asking price had slumped and the entire data was being sold for just $200.
Reuters has not been able to check the veracity of the forum’s post.
T-Mobile’s data breach is the latest high-profile cyberattacks as digital thieves take advantage of security weakened by work-from-home policies due to the COVID-19 pandemic.
Earlier this month, cryptocurrency platform Poly Network lost $610 million in a hack and later offered the hacker or hackers a $500,000 “bug bounty”.