Mobile telecommunications company T-Mobile disclosed a data security incident that might have exposed the account information of some of its customers.
T-Mobile's Cybersecurity team learned of the incident when it discovered an attack against its email vendor. The team responded by shutting down the attack and launching an investigation into what happened. This effort revealed that malicious actors had used the attack to access certain T-Mobile employees' email accounts. At the time of compromise, those accounts had contained the account information of T-mobile customers and employees including their names and addresses, phone numbers, account numbers, and billing information, among other details. That being said, the incident didn't affect customers' financial information (including their payment card credentials) or their Social Security Numbers. In a notice of data breach published on its website, T-Mobile revealed that it had not discovered evidence of anyone having misused the exposed customer data. Even so, the company went ahead and reported the incident to law enforcement, began notifying customers and urged customers to review their account account information including their PINs/passcodes. It also said that it's working to provide even stronger account security going forward:
We regret that this incident occurred. We take the security of your information very seriously and while we have a number of safeguards in place to protect customer information from unauthorized access, we are also always working to further enhance security so we can stay ahead of this type of activity.
News of this incident comes several months after T-Mobile revealed that a security incident might have exposed the personal information of some of its customers. In that incident, digital attackers gained access to some prepaid wireless account holders’ information. This data also did not include affected individuals' financial information (such as their payment card credentials), passwords or Social Security Numbers.