T-Mobile Data Breach Exposes Personal Information of 47.8 Million Individuals
T-Mobile confirmed a data breach impacting 47.8 million current, former, and prospective customers, after threat actors stole records from the company’s systems. The breach, discovered after the data appeared on an online forum, exposed sensitive information including names, dates of birth, Social Security numbers, and driver’s license or ID details.
The incident affected multiple customer groups differently:
- 7.8 million current postpaid customers had personal data compromised.
- Over 40 million former or prospective customers who had applied for credit with T-Mobile were also impacted.
- 850,000 active prepaid customers had their phone numbers and account PINs exposed, prompting T-Mobile to reset affected PINs and secure the leak.
While postpaid and former/prospective customers did not have financial information, account numbers, or passwords exposed, the breach highlights varying levels of risk across customer segments, particularly for prepaid users whose account security controls were directly compromised.
The incident underscores the large-scale exposure of identity data and the need for organizations to assess breach impacts based on account type and exposed data elements. T-Mobile has since taken steps to mitigate the breach, including shutting down the unauthorized access and implementing protective measures for affected accounts.
T-Mobile cybersecurity rating report: https://www.rankiteo.com/company/t-mobile
"id": "T-M1774995874",
"linkid": "t-mobile",
"type": "Breach",
"date": "3/2026",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': '47.8 million',
'industry': 'Telecommunications',
'name': 'T-Mobile',
'size': 'Large',
'type': 'Telecommunications'}],
'data_breach': {'data_exfiltration': 'Yes',
'number_of_records_exposed': '47.8 million',
'personally_identifiable_information': 'Yes',
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Names',
'Dates of birth',
'Social Security numbers',
'Driver’s license/ID details',
'Phone numbers',
'Account PINs']},
'description': 'T-Mobile confirmed a data breach impacting 47.8 million '
'current, former, and prospective customers after threat '
'actors stole records from the company’s systems. The breach '
'exposed sensitive information including names, dates of '
'birth, Social Security numbers, and driver’s license or ID '
'details. The incident affected multiple customer groups, '
'including 7.8 million current postpaid customers, over 40 '
'million former or prospective customers, and 850,000 active '
'prepaid customers whose phone numbers and account PINs were '
'exposed.',
'impact': {'brand_reputation_impact': 'High',
'data_compromised': 'Personal information (names, dates of birth, '
'Social Security numbers, driver’s license/ID '
'details, phone numbers, account PINs)',
'identity_theft_risk': 'High'},
'lessons_learned': 'The breach highlights the need for organizations to '
'assess breach impacts based on account type and exposed '
'data elements.',
'response': {'containment_measures': 'Shut down unauthorized access',
'remediation_measures': 'Reset affected PINs, secured the leak, '
'implemented protective measures for '
'affected accounts'},
'title': 'T-Mobile Data Breach Exposes Personal Information of 47.8 Million '
'Individuals',
'type': 'Data Breach'}