The US branch of the
“We want to let you know about an incident that we recently identified and quickly corrected that impacted some of your personal information.” reads the data breach notice published by the company.
Our Cybersecurity team discovered and shut down malicious, unauthorized access to
Exposed data includes name and billing address, phone number, account number, rate plan and features, like whether a customer has added an international calling feature.
“Rate plan and features of your voice calling service are ‘customer proprietary network information’ (‘CPNI’) under FCC rules, which require we provide you notice of this incident,” continues T-Mobile.
No financial information, social security numbers, and passwords were accessed by the attackers.
At the time of writing the company did not reveal details of the intrusion or the extent of the incident.
T-Mobile confirmed to have taken the necessary steps to lock out the attackers and immediately notified law enforcement of the security breach.
The company is notifying only affected customers through email, users can contact Customer Care to receive support and information on the incident.
The company is urging affected customers to update the PIN/passcode to access their accounts, let me suggest to not affected users to do the same.
Customers should remain vigilant on possible phishing messages that can use stolen data to trick victims into revealing sensitive data, passwords and financial information such as credit card information.
Another suggestion for T-Mobile customers is to monitor their bank and payment card statements for any suspicious activity and report to the bank if they find any.
In August 2018, T-Mobile announced it has suffered a security breach that exposed the personal information of up to 2 million T-mobile customers.
(SecurityAffairs – data breach, T-Mobile)