Personal data of two million customers swiped in T-Mobile breach
T-Mobile has confirmed it is the victim of a server breach where attackers accessed customer data, with the recently-discovered intrusion involving personal data potentially affecting as many as two million users of the major U.S. carrier.
A notice to customers on the T-Mobile website advises the carrier's cyber-security team "discovered and shut down an unauthorized access to certain information" on August 20. After discovering the breach, T-Mobile notes it "promptly reported it to authorities."
It is advised the breach did not involve the acquisition of financial data, including credit card information, nor did it compromise social security numbers or passwords. Of the data that has been exposed, T-Mobile states it may include a user's name, billing zip code, phone number, email address, account number, and whether it is a prepaid or postpaid account.
T-Mobile is currently in the process of notifying customers affected by the breach, and advises those with questions about the incident or their account to contact customer care. Customers who don't receive the notification are not affected by the attack, but are also encouraged to contact customer services with their queries.
While the exact number of customers affected by the breach has not been officially released, a company spokesperson told Motherboard it is "about" or "slightly less than" three percent of its 77 million customers. Hypothetically, if a full three percent of customers were affected, this would put the total number at approximately 2.31 million users.
The spokesperson advised the incident took place early on August 20, with the hackers believed to be part of an "international group," though it is unknown if the hackers are criminals or state-sponsored actors. Specifics of the attack were also not able to be provided, but the spokesperson claims "We found it quickly and shut it down very fast."
T-Mobile customers can contact customer care by dialling 611 from their device, use two-way messaging on my-tmobile.com, the T-Mobile app, or iMessage through Apple Business Chat. A callback can also be requested via the app and the website.