WASHINGTON (Reuters) -The U.S. Federal Communications Commission (FCC) said late Wednesday it will investigate a data breach disclosed by T-Mobile US Inc impacting more than 47 million current, former and prospective customers.
The third-largest U.S. wireless carrier said personal data, including social security numbers and driver’s license information, of more than 40 million former and prospective customers was stolen along with data from 7.8 million existing T-Mobile wireless customers.
Dates of birth, first and last names were also stolen, the telecom services provider said, adding there was no indication their financial details had been compromised.
“Telecommunications companies have a duty to protect their customers’ information. The FCC is aware of reports of a data breach affecting T-Mobile customers and we are investigating,” an FCC spokesperson told Reuters.
The company, which had 104.8 million customers as of June, acknowledged the data breach on Sunday after U.S.-based digital media outlet Vice reported that a seller had posted on an underground forum offering private data, including social security numbers from a breach at T-Mobile servers.
T-Mobile also said approximately 850,000 active T-Mobile prepaid customer names, phone numbers and account PINs were also exposed.
In 2015, AT&T Inc agreed to pay a $25 million fine to resolve an FCC investigation into consumer privacy violations at AT&T’s call centers.
Vice said the seller claimed that 100 million people had their data compromised in the breach. The seller was offering data on 30 million people for 6 bitcoin, or around $270,000.
Reports later suggested that the asking price had slumped and the entire data was being sold for just $200.
Reuters has not been able to check the veracity of the forum’s post.
T-Mobile’s data breach is the latest high-profile cyberattack as digital thieves take advantage of security weakened by work-from-home policies due the COVID-19 pandemic.
Earlier this month, cryptocurrency platform Poly Network lost $610 million in a hack and later offered the hacker or hackers a $500,000 “bug bounty”.
(Reporting by Derek Francis, Akanksha Rana and Subrat Patnaik in Bengaluru and David Shepardson in Washington; Editing by Rashmi Aich, Sriraj Kalluvila and Sam Holmes)