T-Mobile on Thursday admitted that its cybersecurity team had discovered and shut down the data breach that allowed unauthorized access to prepaid accounts of its customers. The incident has been reported to the authorities.
According to the mobile carrier company, none of the customers’ financial info, social security numbers, and passwords were compromised in the data breach.
“We want to let you know about an incident that we recently identified and quickly corrected that impacted some of your personal information,” T-Mobile said in a statement to customers posted on its website.
“Our Cybersecurity team discovered and shut down malicious, unauthorized access to some information related to your T-Mobile prepaid wireless account. We promptly reported this to authorities. None of your financial data (including credit card information) or social security numbers was involved, and no passwords were compromised.”
However, T-Mobile does mention that the only data accessed by a third-party was prepaid account information like name and billing address, phone number, account number, rate plan and features, such as an international calling add-on.
The company is required to inform the customer of the breach under U.S. Federal Communications Commission (FCC) rules, which considers rate plans and features of voice calling services “customer proprietary network information (“CPNI”).”
“We take the security of your information very seriously and have a number of safeguards in place to protect your personal information from unauthorized access. We truly regret that this incident occurred and apologize for any inconvenience this has caused you,” T-Mobile concluded.
While the exact number of affected customers has not been officially released, a company spokesperson told CNET that a “very small single digit percentage of customers” were affected by the data breach.
Several T-Mobile’s prepaid customers have already been notified about the incident and have been encouraged to confirm or update the personal identification number (PIN/passcode) on their T-Mobile account as an additional protection.
For those who haven’t received a notification, it possibly means that their account wasn’t compromised, but it is likely that T-Mobile isn’t able to notify them because they don’t have their up-to-date contact information. If you think that’s the case with your account, then you can contact T-Mobile by dialing 611 from your T-Mobile phone or by calling 1-800-T-MOBILE from any phone.
This is not the first time that T-Mobile has suffered a data breach. In August 2018, T-Mobile had suffered a similar data breach where customers’ names, billing zip codes, phone numbers, email addresses, account numbers and rate plans of almost 2 million customers were exposed to hackers.