Personal data of two million customers swiped in T-Mobile breach

T-Mobile has confirmed it is the victim of a server breach where attackers accessed customer data, with the recently-discovered intrusion involving personal data potentially affecting as many as two million users of the major U.S. carrier.

A notice to customers on the T-Mobile website advises the carrier's cyber-security team "discovered and shut down an unauthorized access to certain information" on August 20. After discovering the breach, T-Mobile notes it "promptly reported it to authorities."

It is advised the breach did not involve the acquisition of financial data, including credit card information, nor did it compromise social security numbers or passwords. Of the data that has been exposed, T-Mobile states it may include a user's name, billing zip code, phone number, email address, account number, and whether it is a prepaid or postpaid account.

T-Mobile is currently in the process of notifying customers affected by the breach, and advises those with questions about the incident or their account to contact customer care. Customers who don't receive the notification are not affected by the attack, but are also encouraged to contact customer services with their queries.

While the exact number of customers affected by the breach has not been officially released, a company spokesperson told Motherboard it is "about" or "slightly less than" three percent of its 77 million customers. Hypothetically, if a full three percent of customers were affected, this would put the total number at approximately 2.31 million users.

The spokesperson advised the incident took place early on August 20, with the hackers believed to be part of an "international group," though it is unknown if the hackers are criminals or state-sponsored actors. Specifics of the attack were also not able to be provided, but the spokesperson claims "We found it quickly and shut it down very fast."

T-Mobile customers can contact customer care by dialling 611 from their device, use two-way messaging on my-tmobile.com, the T-Mobile app, or iMessage through Apple Business Chat. A callback can also be requested via the app and the website.

43 Comments

nunzy 6 Years · 662 comments

About 6 years ago

I am loyal to ATT. They were the only ones who gave iPhone a chance. Nobody else had any faith in Apple.

MacPro 18 Years · 19845 comments

That article recently about the 17 year old that hacked the MySql databases in voting machines in a training exercise in a few minutes and was able to change the numbers or even delete them was the scariest thing I've read in a long time. Time to go back to all paper ballots, pigeons for mail me thinks!

SpamSandwich 19 Years · 32917 comments

MacPro said:

That article recently about the 17 year old that hacked the MySql databases in voting machines in a training exercise in a few minutes and was able to change the numbers or even delete them was the scariest thing I've read in a long time. Time to go back to all paper ballots, pigeons for mail me thinks!

Have a link?

GeorgeBMac 8 Years · 11421 comments

SpamSandwich said:

MacPro said:

That article recently about the 17 year old that hacked the MySql databases in voting machines in a training exercise in a few minutes and was able to change the numbers or even delete them was the scariest thing I've read in a long time. Time to go back to all paper ballots, pigeons for mail me thinks!

Have a link?

It was in most main stream media news services.
From 2017
https://www.cbsnews.com/news/hackers-break-into-voting-machines-defcon-las-vegas/

From 2018
https://www.cnet.com/news/us-officials-hope-hackers-at-defcon-find-more-voting-machine-problems/

And, this year they opened it up to voting systems as well.   But, the voting reporting sites are so vulnerable they gave it to the kids and, an eleven year old girl won by changing Florida's vote count in a matter of minutes.

All in all: Since our government is doing nothing to stop this or slow this, we should probably count on it happening for real this year.   And, it's not just on election day: these machines are stored in warehouses and must be programmed by somebody for every election.   They are very vulnerable.   And, in the case of those used in Pennsylvania and others, the machines can neither be verified or recounted. Whatever comes out of that machine is the one and only final count.

Will hackers determine your state senator this year?   We may never know...
We spend hundreds of billions on planes, boats, bombs and missiles every year.   Yet, any number of entities can decide who's in charge of those weapons and how and if they get used!

Kudos to T-Mobile for reporting it so quickly. Typically, the hacked firm takes months before they make it public and notify those whose data was stolen.