US-based telecom giant T-Mobile has suffered yet another data breach incident that recently exposed personal and accounts information of both its employees and customers to unknown hackers.
What happened? In a breach notification posted on its website, T-Mobile today said its cybersecurity team recently discovered a sophisticated cyberattack against the email accounts of some of its employees that resulted in unauthorized access to the sensitive information contained in it, including details for its customers and other employees.
Although the telecom company did not disclose how the breach happened, when it happened, and exactly how many employees and users were affected, it did confirm that the leaked information on its users doesn't contain financial information like credit card and Social Security numbers.
What type of information was accessed? The exposed data of an undisclosed number of affected users include their:
- phone numbers,
- account numbers,
- rate plans and features, and
- billing information.
What is T-Mobile now doing? The company took necessary steps to shut down the unauthorized access upon discovery and immediately notified law enforcement of the security breach incident.
T-Mobile also immediately launched a forensic investigation to determine the extent of the breach incident, a report of which is expected to be released soon..
"We regret that this incident occurred. We take the security of your information very seriously, and while we have a number of safeguards in place to protect customer information from unauthorized access, we are also always working to further enhance security so we can stay ahead of this type of activity," the company said.
The company is notifying affected customers of the breach incident.
🔐 Mastering API Security: Understanding Your True Attack Surface
Discover the untapped vulnerabilities in your API ecosystem and take proactive steps towards ironclad security. Join our insightful webinar!Join the Session
What should you do now? Though T-Mobile said it does not have any evidence of the stolen information being used to commit fraud or otherwise misused, it still advises users to change PIN/passcode to access their accounts as a precaution.
Affected customers should also be suspicious of phishing emails, which are usually the next step of cybercriminals in an attempt to trick users into giving away their passwords and credit card information.
Although the T-Mobile data breach incident did not expose any financial information of affected customers, it is always a good idea to be vigilant and keep a close eye on your bank and payment card statements for any unusual activity and report to the bank if you find any.
The incident comes in less than six months after the telecom giant suffered a significant data breach that exposed the personal information of some of the customers using its prepaid services.
In August 2018, the company also disclosed a data breach that affected roughly two million customers.