T-Mobile has provided additional details from its investigation of its recent data breach, sharing that over 40 million people’s records were stolen.

Earlier this week, news broke that a hacker was trying to sell T-Mobile customer data online, data they claimed to have gotten via compromised T-Mobile servers. The hacker claimed the data contained names, addresses, social security numbers (SSN), driver license information, phone numbers and unique IMEI numbers.

After confirming a breach occurred, T-Mobile’s investigation has now shed light on the details. The company has confirmed that information for 7.8 million postpaid accounts was included in the stolen data, as well as over 40 million former and customers who had applied for credit. It’s unclear how much overlap there may be between the two groups.

The company says “some of the data accessed did include customers’ first and last names, date of birth, SSN, and driver’s license/ID information for a subset of current and former postpay customers and prospective T-Mobile customers.”

However, “no phone numbers, account numbers, PINs, passwords, or financial information were compromised in any of these files of customers or prospective customers.”

The company is taking steps to help protect those impacted, including providing two years of free identity protection via McAfee’s ID Theft Protection Service. The company also recommends all postpaid customer change their account PIN, and the company is offering Account Takeover Protection to make it harder for an imposter to hijack an account.

We take our customers’ protection very seriously and we will continue to work around the clock on this forensic investigation to ensure we are taking care of our customers in light of this malicious attack. While our investigation is ongoing, we wanted to share these initial findings even as we may learn additional facts through our investigation that cause the details above to change or evolve.