In brief: T-Mobile has now confirmed that data on approximately 48 million former and current customers was stolen during an attack on the company. As such, it will offer those affected two years of free identity theft protection.

Earlier this week, it was reported that a hacker was offering to sell T-Mobile customer data. They claimed to have information relating to 100 million accounts, asking 6 Bitcoin, around $270,000, for a subset that contained info on 30 million social security numbers and driver licenses.

T-Mobile said it was investigating the incident. It confirmed on Monday that there had been unauthorized access to company data, but it had yet to determine if customer information was compromised. It has now been confirmed that the hacker accessed data relating to around 48 million customers, which includes first and last names, dates of birth, social security numbers, and driver's license information.

"While our investigation is still underway and we continue to learn additional details, we have now been able to confirm that the data stolen from our systems did include some personal information," T-Mobile told Gizmodo.

T-Mobile added that there is no indication the stolen files contained customer financial information, credit card information, debit, or other payment information. It says that current, former, and prospective customers may have been impacted.

"Our preliminary analysis is that approximately 7.8 million current T-Mobile postpaid customer accounts' information appears to be contained in the stolen files, as well as just over 40 million records of former or prospective customers who had previously applied for credit with T-Mobile."

T-Mobile is now encouraging customers to change their PINs and sign up for its Account Takeover Protection service. It has also pledged to give out two years of free identity protection through McAfee's ID Theft Protection Service.

While the hacker still insists they stole data related to 100 million customers, T-Mobile claims the actual figure is closer to 48 million. Either way, it's still a massive number and will be a huge PR blow to a company with a history of being hacked.