Earlier this week, T-Mobile started alerting its customers about a data breach that exposed details associated with their user account. While details about the scope of this security breach have so far been thin, the carrier has finally decided to shed some light on the incident after shutting down the malicious operations behind it. The company says that information related to customers’ T-Mobile account was exposed, which includes phone number, the number of lines on an account, and call-related information.
Specifically, T-Mobile says that the Customer proprietary network information (CPNI) was accessed as part of the security breach. But aside from phone number, the number of connections and call logs, no other customer data was exposed, claims the company. “The data accessed did not include names on the account, physical or email addresses, financial data, credit card information, social security numbers, tax ID, passwords, or PINs,” T-Mobile said in an official statement.
T-Mobile’s official notice does not reveal the number of customers that were affected. However, in a statement given to BleepingCustomer, T-Mobile mentioned that less than 0.2% of its subscribers were affected. If you take into account the roughly 100 million-strong customer base of the carrier, almost 200,000 users may have been had their information accessed by malicious actors.
“We are currently notifying a small number of customers (less than 0.2%) that some information related to their account may have been illegally accessed. The data accessed did NOT include any names associated with the account, financial data, credit card information, social security numbers, passwords, PINs or physical or email addresses.” the company was BleepingComputer.
Not the first T-Mobile security mishap in 2020
However, this is not the first time that T-Mobile has been at the receiving end of a cybersecurity attack in 2020. Back in November, the company admitted that “name and billing address, phone number, account number, rate plan and features, such as whether you added an international calling feature” were accessed during a security breach. However, banking details, social security numbers, or passwords were not exposed in the breach.