T-Mobile has begun notifying customers of a security breach that might affect an undetermined number of them, possibly revealing their names and addresses, phone numbers, account numbers, rate plans and features, and billing information.
Wireless carriers are a prime target for hackers because they hold large databases of customers and data that command a high value on the black market. Even if no financial data is leaked, it’s still a significant security issue.
The T-Mobile data breach exposed limited data about customers, including real names and addresses, phone numbers, account numbers, rate plans and billing information. There’s no indication of leaked passwords or credit card and Social Security numbers, but that is still valuable.
“Our Cybersecurity team recently identified and shut down a malicious attack against our email vendor that led to unauthorized access to certain T-Mobile employee email accounts, some of which contained account information for T-Mobile customers and employees,” says the company in a note to customers. “An investigation was immediately commenced, with assistance from leading cybersecurity forensics experts, to determine what happened and what information was affected.”
For now, the stolen data has apparently yet to be used in any nefarious ways, such as in fraud. Still, while the customers don’t have to do anything special, T-Mobile is advising everyone to review their account information and update their personal identification number (PIN/passcode).
The telecom company is not offering any other details about the hack, so there is no clue as to the culprit. Unfortunately, this is not the first security incident for T-Mobile, as the company suffered a similar incident in November 2019, when a breach exposed data about pre-paid customers. Also, in 2018 a data breach compromised the private data of 2.3 million customers.