T-Mobile said today in a data breach notification that the account information of an undisclosed number of customers using the company's prepaid services was accessed by an unauthorized third-party."Our Cybersecurity team discovered and shut down malicious, unauthorized access to some information related to your T-Mobile prepaid wireless account," the breach notification says.
"We promptly reported this to authorities. None of your financial data (including credit card information) or social security numbers was involved, and no passwords were compromised."
The customer information accessed during the data breach is associated only to prepaid accounts according to the data breach notification published by T-Mobile.
"The data accessed was information associated with your prepaid service account, including name and billing address (if you provided one when you established your account), phone number, account number, rate plan and features, such as whether you added an international calling feature," T-Mobile states.
"Rate plan and features of your voice calling service are “customer proprietary network information” (“CPNI”) under FCC rules, which require we provide you notice of this incident."
We take the security of your information very seriously and have a number of safeguards in place to protect your personal information from unauthorized access. We truly regret that this incident occurred and apologize for any inconvenience this has caused you. - T-Mobile
T-Mobile alerted all impacted customers via SMS notifications and encourages all those affected by this breach to confirm or update their PIN/passcode on their T-Mobile accounts as additional protection.Users can reach out to Customer Care at 611 from T-Mobile phones or at 1-800-T-MOBILE from phones using any other carriers to request for assistance to deal with the situation or for special account handling instructions.
T-Mobile customers who haven't yet received a notification and want to confirm that their account information was not impacted can do so by emailing [email protected]
T-Mobile was previously hit by a data breach in August 2018, when the account information of around two million customers got stolen.BleepingComputer asked T-Mobile to provide more information on the number of customers impacted in the data breach and the date when it was discovered but did not hear back at the time of publication.
Update November 21, 18:41 EST: A T-Mobile spokesperson told BleepingComputer that "this incident affected a small number of customers." Also, the company's cybersecurity team "discovered it in early November and immediately shut it down."