T-Mobile made an announcement on their website, confirming that they have experienced a data breach that has affected “less than 1.5%” of its customers. They have assured their users however that they have already been able to shut down the “malicious, unauthorized access” to their information which luckily did not include any financial information or password data. Still, personal data like phone numbers and billing addresses have been exposed to a “malicious actor” and no further details have been disclosed as of now.
In the statement from T-Mobile, the ones affected by the breach are prepaid wireless account holders. Their internal cybersecurity team was able to shut down the hack and then they were able to report these to the authorities. The data that was accessed included names, billing addresses, phone numbers, and account numbers. Rate plans and features, which are considered Customer Proprietary Network Information (CPNI), were also included in the hack.
The “good” news is that none of the passwords or financial data, including credit card information, were accessed by whoever breached the data. There is just a curious note in T-Mobile’s announcement, which says that under FCC rules, if your CPNI was breached, then they are required to inform users of the incident. This makes you wonder if there have been previous data breaches which they haven’t disclosed because the CPNI wasn’t part of the information accessed.
In any case, T-Mobile said that they “truly regret this incident” and apologized for the inconvenience. They have not, however, given any other details like the next steps and if users need to do anything to ensure their data will not be compromised. Tech Crunch was able to reach a representative and they disclosed that less than 1.5% of customers were affected so that amounts to over a million accounts, which is a lot of data to have.
While the data that was breached isn’t as damaging as getting your passwords, it’s still information that someone can use to attempt to steal your identity or take over your account or something. So it would still be a good idea to change your password just to be sure and be vigilant as to any suspicious activities in any of your accounts, whether on T-Mobile or elsewhere.