Yet another security breach has compromised the personal information of several T-Mobile customers in the US. Hackers were able to access data about the carrier’s prepaid customers, the company said in its disclosure to affected users. According to T-Mobile, customer names, billing addresses, phone numbers, account numbers, rate plans, and any other additional plan features were all left exposed to hackers. The company assured that sensitive information like credit card details, social security numbers, and passwords was not affected.
T-Mobile says it is reaching out to all affected customers individually. If you’re among those affected, you should have received an SMS by now. However, if you have switched carriers or have changed numbers, then you may not receive it. You can still contact T-Mobile at [email protected] or by dialing 611 from your T-Mobile phone and ask for confirmation. The telecommunications giant has also notified law enforcement of the breach.
T-Mobile advises all impacted users to change their account passwords and PIN codes immediately and says it’s always working on to improve security. “We take the security of your information very seriously. We truly regret that this incident occurred and apologize for any inconvenience this has caused you,” the company said in a statement.
Over one million customers affected
T-Mobile does not reveal as to how many people were affected, or when exactly the breach occurred. It says an incident that “impacted some of your personal information” was “recently identified and quickly corrected.”
“Our Cybersecurity team discovered and shut down malicious, unauthorized access to some information,” the company said in the statement.
However, a T-Mobile representative has indicated that “less than 1.5 percent” of customers were affected. Taking into account T-Mobile’s approximately 85 million users, the number of affected users adds up to just over 1.2 million.
A similar data breach had compromised the personal information of nearly two million T-Mobile customers last year as well. Details like names, billing zip codes, phone numbers, email addresses, and account numbers were breached, but no sensitive information was compromised.
Sprint is another major US telco to disclose a security breach this year. The company reported two separated incidents, once each in March and June. The former breach was made through Boost phone numbers and Boost.com PIN codes, whereas Sprint held Samsung’s official website responsible for the second breach.
Sprint and T-Mobile are pushing for a merger amid strong opposition from AGs across the states.