The extent of T-Mobile's recent data breach is far greater than previously reported

While T-Mobile is certainly no stranger to data breaches, being the victim of several different cyberattacks with varying degrees of gravity over the last few years alone, the latest such security issue seems to be hands down the biggest and most far-reaching snafu ever experienced by the "Un-carrier."

Granted, Magenta has way more customers than ever before after acquiring Sprint and spreading the low and mid-band 5G love across the nation at a breakneck pace, but even by the standards of Verizon (which is still the largest US wireless service provider), having the personal information of over 50 million people compromised would look bad.

Seeing that number rise to 100 million would obviously be even worse, and while we're not there yet, it sure looks like the original third-party report about this recent data breach was pretty much right on the money.

Another 6 million accounts or so had information "illegally accessed"


You know you're in trouble when 6 million is starting to sound like a mere drop in an ocean previously containing close to 48 million other drops

Basically, T-Mo is today adding 5.3 million current postpaid customer accounts to an existing tally of "approximately" 7.8 million subscribers while "only" increasing the "about" 40 million former or prospective customers impacted by the cyberattack by 667,000 accounts of ex-customers newly labeled as compromised.


All irony and (valid) criticism aside, there's a very important distinction to be made between the 47.8 million people initially confirmed as victims of this massive breach and the additional 6 million or so current and former T-Mobile subscribers further identified as part of the same unfortunate group.

Specifically, while the first batch of compromised accounts and data files included everything from first and last names to birth dates, Social Security numbers (SSNs), and driver's license/ID information, this second and considerably smaller group of people apparently did not have any SSNs or driver's license/ID info stolen without their knowledge.

That's... somewhat comforting, although it still leaves all the other stuff in danger of falling into the wrong hands. What's worse is that T-Mo can now confirm that phone numbers, as well as IMEI and IMSI information, were also compromised for all 13.1 million current postpaid accounts so far identified as targets of the attack.

As explained by the "Un-carrier" in its latest update of the very delicate situation on the company's official website, IMEI and IMSI are the "typical identifier numbers associated with a mobile phone", which, combined with everything else, make this a fiasco of colossal proportions.

What happens now for T-Mobile?


The obvious first answer to that question is that the investigation into the author and extent of the data breach is set to "continue for some time", which means that the numbers detailed above could well continue to surge for "some time."

The silver lining in T-Mo's investigation so far is that no financial information has been deemed as "compromised" or breached in any way, and while new revelations could surface at any point, it seems unlikely that a discovery so important will be made later in the course of said investigation.


Meanwhile, although the nation's second-largest mobile network operator is confident the access and "egress points used in the attack" are closed off for good, it should come as no surprise that the company is itself under investigation and likely to be fined by the Federal Communications Commission to the tune of $250 million.

Perhaps more worryingly for investors, T-Mobile share value dropped no less than $5.3 billion in the days following the initial data breach report, with significant customer losses also predicted for the next couple of quarters as a direct result of the "reputational damage inflicted" by the cyberattack. 

Speaking of customers, Magenta claims to have sent "communications to millions" of people, providing support in "various ways", the most notable of which is probably an offer of two free years of McAfee ID Theft Protection Service for "any person who believes they may be affected." That's definitely... something, but it won't be enough to keep the FCC satisfied or those subscriber gains going.
