T-Mobile has officially disclosed a data breach that it says affects more than one million of its customers. As reported by TechCrunch, hackers gained “malicious, unauthorized” access to data from prepaid T-Mobile customers.
The breached data did not include any financial information, social security numbers, or password data. Instead, it was limited to: name and billing address, phone number, account number, and information about your plan, monthly rate, and features.
The attack was discovered in early November and “immediately” shutdown, according to T-Mobile. The carrier didn’t disclose any information about how the hack occurred or how long the data was exposed.
Our Cybersecurity team discovered and shut down malicious, unauthorized access to some information related to your T-Mobile prepaid wireless account. We promptly reported this to authorities. None of your financial data (including credit card information) or social security numbers was involved, and no passwords were compromised.
Included in that leaked information about your rate, plan, and features was “customer proprietary network information.” Telecommunications regulations require that a carrier notify customers if that information is leaked. Had that information not been included in the breached data, it’s possible T-Mobile wouldn’t have publicly disclosed this hack.
While T-Mobile did not disclose the exactly number of affected customers, it said that “less than 1.5 percent” of its customers were affected. TechCrunch reports:
In this case, however, it seems that T-Mobile has disclosed the hack in a fairly prompt manner, though it provided very few details. When I asked, a T-Mobile representative indicated that “less than 1.5 percent” of customers were affected, which of the company’s approximately 75 million users adds up to somewhat over a million.
You can read T-Mobile’s full disclosure on its website.
FTC: We use income earning auto affiliate links. More.