Mobile phone provider T-Mobile has confirmed that information from nearly 48-million current and potential customers has been stolen in a cyberattack.

The company says it has been investigating since last week after learning that someone compromised its servers.

T-Mobile says it has since closed the entry point, but not before some personal information was stolen.

“We have no indication that the data contained in the stolen files included any customer financial information, credit card information, debit or other payment information,” T-Mobile said in a statement.

However, some of the data accessed did include customers’ first and last names, date of birth, Social Security Numbers, and driver’s license/ID information.

A preliminary analysis indicates that approximately 7.8 million current T-Mobile postpaid customer accounts’ information appears to be contained in the stolen files, as well as just over 40 million records of former or prospective customers who had previously applied for credit with T-Mobile.

No phone numbers, account numbers, PINs, passwords, or financial information were compromised in any of these files of customers or prospective customers, according to T-Mobile.

T-Mobile says approximately 850,000 active T-Mobile prepaid customer names, phone numbers and account PINs were also exposed. The company has reset all the PINs on these accounts to help protect customers, and we will be notifying those customers. No Metro by T-Mobile, former Sprint prepaid, or Boost customers had their names or PINs exposed, according to the company.

Additional information from inactive prepaid accounts accessed through prepaid billing files was accessed. No customer financial information, credit card information, debit or other payment information or SSN was in this inactive file, according to a T-Mobile statement.

The company says it has taken the following steps to help protect those who may be at risk from the cyberattack:

  • Offering 2 years of free identity protection services with McAfee’s ID Theft Protection Service.
  • Recommending all T-Mobile postpaid customers proactively change their PIN by going online into their T-Mobile account or calling our Customer Care team by dialing 611 on your phone. This precaution was taken even though T-Mobile says it has no knowledge that any postpaid account PINs were compromised.
  • Offering to protect mobile accounts with T-Mobile’s Account Takeover Protection capabilities for postpaid customers, which makes it harder for customer accounts to be fraudulently ported out and stolen.
  • Publishing a web page for one-stop information and solutions to help customers take steps to further protect themselves.