T-Mobile, data for 6 million additional customers was compromised in breach

T-Mobile US said in a SEC filling that an additional 6 million customers were affected by its recent systems hack, taking the total to 54 million.

The company previously reported that the breach affected 7.8 million current T-Mobile postpaid customer accounts that included first and last names, date of birth, SSN, and driver’s license/ID information was compromised.

“Our investigation is ongoing and will continue for some time, but at this point, we are confident that we have closed off the access,” T-Mobile said in a regulatory filing.

Some T-Mobile customers sued the company for damages late Thursday night in Seattle federal court, saying in a proposed class action that the cyberattack violated their privacy and exposed them to a higher risk of fraud and identity theft.

On Wednesday, T-Mobile disclosed that data from around 40 million former or potential customers had been compromised in a cyberattack. The data included names, birth dates, social security numbers, driver’s licenses and information from other types of identification. The company now says another 667,000 accounts of former customers were accessed, with attackers obtaining some personal data from those, but no SSNs or ID details.

On top of that, T-Mobile has identified another 5.3 million affected postpaid accounts. No SSNs or driver’s license/identification details were compromised from those, the company said, but the attackers accessed other identifiable information.

Around 850,000 active T-Mobile prepaid customers have been impacted as well, while the attackers may have garnered up to 52,000 names connected to current Metro by T-Mobile accounts too. Accounts of former Sprint prepaid and Boost Mobile customers are unaffected.

Other data was stolen in the cyberattack, including additional phone numbers and IMEI and IMSI numbers, but the company claims there was no personally identifiable information in those files. Meanwhile, T-Mobile still has “no indication” that customer financial details, such as credit card data, were affected.

T-Mobile’s investigation into the breach is ongoing and it will provide more details if it finds more affected accounts. The company says it’s “Confident that we have closed off the access and egress points the bad actor used in the attack” and that it has taken steps to mitigate the impact on customers.”

For instance, it has offered two years of identity protection service to anyone who thinks they might have been affected.