T-Mobile on Thursday reported a recent data breach in which potentially sensitive information, including customer names and billing addresses, was leaked to an unidentified attacker or attackers.
Other information potentially fed to hackers includes customer phone numbers and their rate plan and attached feature set, T-Mobile said in a statement posted to its website. No financial information, social security numbers or passwords were divulged in the attack.
The carrier is required to provide notice of the breach under U.S. Federal Communications Commission guidelines, which considers rate plans and features of voice calling services "customer proprietary network information." Customers received word of the security issue today and were directed to an informational page on T-Mobile's website.
A company spokesperson told CNET that a "very small single digit percentage of customers" were impacted by the incident.
Today's intrusion comes more than a year after T-Mobile suffered a similar breach that impacted some two million people in August 2018. In a statement at the time, the wireless operator said customers' names, billing zip codes, phone numbers, email addresses, account numbers and rate plans were exposed to hackers.
T-Mobile is on the verge of closing a $26.5 billion merger deal with Sprint after receiving final approval from the FCC earlier in November. The two companies now face a group of state attorneys general who have sued to derail the agreement.
6 Comments
This happens so often we start to think of this as normal, but it is not, and it is a big deal. The fraudsters are out there and they want your information. Bad Bad Bad
So, as many as 8.4 million subscribers personal information was released.
The problem with FUD numbers is I assume the worst... converting "very small single digit percentage of customers".
They might want to provide the correct numbers instead.
“Name, address, phone number & feature set” - honestly, with the exception of ‘feature set’ which I can’t see being very useful, all of this is probably so easy for hackers to get that it’s basically worthless anyway.
Changed my this morning password anyway
How did this one happen?