The company tells us that hackers did not have access to any names associated with the account, financial data, credit card information, social security numbers, passwords, PINs or physical or email addresses.
T-Mobile states that the data breach did not expose account holders' names, physical addresses, email addresses, financial data, credit card information, social security numbers, tax IDs, passwords, or PINs. In a statement to BleepingComputer, T-Mobile stated that this breach affected a "small number of customers (less than 0.2%)."
While most of the worrisome stuff has been excepted here, those call diagnostic metrics — customer proprietary network information as defined by the FCC — can and may include call location data such as tower IDs and even granular information from your device.
On the whole, though, it appears that the scale of impact both in terms of severity and range is relatively minimal this time around — there are plenty of two-bit attacks like this one that we don't get to report on — but T-Mobile has made itself out to be a frequent victim as it has been affected by at least one big attack every year. Indeed, there was another hit back in March.
That said, getting around to every possible person who's been affected can be a time-consuming task: one subscriber said yesterday they were just alerted by T-Mobile to a potential compromise that happened 9 months ago.