The US-based telecom giant T-Mobile today disclosed a yet another data breach incident that recently exposed potentially personal information of some of the customers using its prepaid services.
What happened? In a statement posted on its website, T-Mobile said its cybersecurity team discovered a "malicious, unauthorized access" to information associated with an undisclosed number of its prepaid wireless account customers.
However, the company did not disclose precisely how the breach happened, when it happened, and how the attackers unauthorizedly managed to access the private information of the company's prepaid customers.
What type of information was accessed? The stolen data associated with customers' prepaid wireless accounts include their:
- phone numbers,
- billing addresses (if customers provided this data during account establishment),
- account numbers, and
- rate plans and features, like whether a customer has added an international calling feature.
"Rate plan and features of your voice calling service are 'customer proprietary network information' ('CPNI') under FCC rules, which require we provide you notice of this incident," T-Mobile said.
What type of information was not compromised? The telecommunication giant confirmed that no financial information, social security numbers, and passwords were compromised as a result of the security breach incident.
What is T-Mobile now doing? The company took necessary steps to shut down the unauthorized access upon discovery and immediately notified law enforcement of the security incident.
The company is also notifying affected customers through email and directing them to a customer support page on T-Mobile's website.
T-Mobile also made it clear that if you don't receive an email notification from the company, it's likely your account was not among those impacted by this incident, but "it is possible you didn't hear from [the company] because [it] doesn't have up-to-date contact information for you."
"We are always working to improve security so we can stay ahead of malicious activity and protect our customers. We have a number of safeguards in place to protect your personal information from unauthorized access, use, or disclosure," T-Mobile said.
What Should You Do Now? Affected customers are recommended to update the PIN/passcode to access their accounts.
Do it even if you are not affected—just to be on the safer side.
Affected customers should also be suspicious of phishing emails, which are usually the next step of cybercriminals in an attempt to trick users into giving away their passwords and credit card information.
Although the T-Mobile data breach incident did not expose any financial information, it is always a good idea to keep a close eye on your bank and payment card statements for any unusual activity and report to the bank if you find any.
The incident comes over a year after T-Mobile suffered a significant data breach that exposed names, email addresses, phone numbers, and account information for about 2 million customers.