T-Mobile US said Friday that an ongoing investigation into a data breach has revealed that hackers gained access to personal information of an additional 5.3 million customers, bringing the total number of people affected to more than 53 million.
The third-largest U.S. wireless carrier had said earlier this week that personal data of more than 40 million former and potential customers had been stolen, along with data from 7.8 million existing T-Mobile wireless customers.
In the latest update, released days after the U.S. Federal Communications Commission (FCC) opened an investigation into the breach, T-Mobile revealed it had identified 5.3 million additional wireless subscribers affected by the breach, as well as 667,000 additional accounts. from former customers.
The data includes addresses, dates of birth and phone numbers of customers, the company said, adding that it had no indication that the data accessed contained financial information, such as credit card or other payment details.
Some T-Mobile customers sued the company late Thursday night for damages in federal court in Seattle, saying in a proposed class action that the cyberattack violated their privacy and exposed them to a higher risk of fraud and identity theft.
The wireless carrier is the latest victim of cyberattacks on major companies in the United States as hackers take advantage of the weakened privacy and security of user systems as a result of work-from-home policies in place since the start of the coronavirus pandemic.
In 2018, the company had been notified of a potential security breach that could have affected approximately 3 percent of its 77 million customers.
“T-mobile has had six other data breaches in the past four years,” said Doug Schmidt, a computer science professor at Vanderbilt University.
“It appears that their IT system is particularly vulnerable as they have not been able to fix their known security vulnerabilities during this time, which should be of concern to customers.”
T-Mobile said in a regulatory filing on Friday that while the investigation was ongoing, it was confident it had “closed access.”
