T-Mobile said on Friday an ongoing investigation into a data breach revealed that hackers accessed personal information of an additional 5.3 million customers, bringing the total number of people affected to more than 53 million.
The third-largest U.S. wireless carrier said earlier this week that personal data of more than 40 million former and prospective customers was stolen along with data from 7.8 million existing T-Mobile wireless customers.
In its latest update, which comes days after the US Federal Communications Commission opened an investigation into the breach, T-Mobile revealed it had identified 5.3 million additional current wireless subscribers who were affected by the breach as well as 667,000 more accounts of former customers.
The data includes addresses, dates of birth and phone numbers of customers, the company said, adding that it had no indication that the accessed data contained financial information such as credit card or other payment data.
The wireless carrier is the latest victim of a series of cyberattacks on large corporations in the United States as hackers exploit weakened user system privacy and security due to work-from-home policies instituted since the onset of the coronavirus pandemic.
“Our investigation is ongoing and will continue for some time, but at this point, we are confident that we have closed off the access,” T-Mobile said in a regulatory filing.
Some T-Mobile customers sued the company for damages late Thursday night in Seattle federal court, saying in a proposed class action that the cyberattack violated their privacy and exposed them to a higher risk of fraud and identity theft.
T-Mobile has offered antivirus maker McAfee’s identity protection services free for two years to anyone who believes their data was breached.
Its steps won praise from some analysts.
“We believe TMUS [T-Mobile] is taking the correct steps to both secure its systems as well as contain the fallout,” Keith Snyder, equity analyst at CFRA Research, said in a note on Wednesday.