T-Mobile US said on Friday that an ongoing investigation into a data breach revealed that hackers accessed personal information from 5.3 million additional customers, bringing the total number of people affected to more than 53 million.
The United States’ third-largest wireless operator had said earlier this week that personal data from more than 40 million former and potential customers had been stolen along with data from 7.8 million existing T-Mobile wireless customers.
In its latest update, which comes days after the US Federal Communications Commission (FCC) opened an investigation into the breach, T-Mobile revealed that it has identified 5.3 million additional wireless subscribers that were affected by the breach as well. like 667,000 previous customer accounts.
The data includes customer addresses, dates of birth and telephone numbers, the company said, adding that it had no indication that the data accessed contained financial information such as credit card or other payment data.
Some T-Mobile customers sued the company for damages Thursday night in federal court in Seattle, saying in a proposed class action suit that the cyber attack violated their privacy and exposed them to a greater risk of fraud and identity theft.
The wireless operator is the latest victim of cyber attacks on large corporations in the United States, as hackers exploit the weakening of user system privacy and security due to work-at-home policies instituted since the start of the coronavirus pandemic .
By 2018, the company had reported a possible security breach that could have affected about 3 percent of its 77 million customers.
“T-mobile has had 6 other data breaches in the last 4 years,” said Doug Schmidt, a professor of computer science at Vanderbilt University.
“It appears that their IT system is particularly vulnerable as they haven’t been able to rectify their known security issues during this period, which should be of concern to customers.”
T-Mobile said in a regulatory document on Friday that, while the investigation was ongoing, it was confident it had “closed access”.