T-Mobile has begun notifying customers of
a security breach that might affect an undetermined number of them, possibly
revealing their names and addresses, phone numbers, account numbers, rate plans
and features, and billing information.
Wireless carriers are a prime target for
hackers because they hold large databases of customers and data that command a
high value on the black market. Even if no financial data is leaked, it’s still
a significant security issue.
The T-Mobile data breach exposed limited
data about customers, including real names and addresses, phone numbers,
account numbers, rate plans and billing information. There’s no indication of
leaked passwords or credit card and Social Security numbers, but that is still
valuable.
“Our Cybersecurity team recently
identified and shut down a malicious attack against our email vendor that led
to unauthorized access to certain T-Mobile employee email accounts, some of
which contained account information for T-Mobile customers and employees,” says
the company in a note
to customers. “An investigation was immediately commenced, with assistance from
leading cybersecurity forensics experts, to determine what happened and what information
was affected.”
For now, the stolen data has apparently yet
to be used in any nefarious ways, such as in fraud. Still, while the customers don’t
have to do anything special, T-Mobile is advising everyone to review their
account information and update their personal identification number
(PIN/passcode).
The telecom company is not offering any
other details about the hack, so there is no clue as to the culprit.
Unfortunately, this is not the first security incident for T-Mobile, as the
company suffered a similar incident in November 2019, when a breach exposed
data about pre-paid customers. Also, in 2018 a data breach compromised the private
data of 2.3
million customers.