T-Mobile announced Data breach Displays CPNI customer network information, including phone numbers and call logs.
And T-Mobile started sending customers text messages stating that a security incident revealed their account information. According to the company, its security team recently discovered malicious and unauthorized access to its systems.
After bringing in a cybersecurity company for an investigation, T-Mobile found that threat actors had access to customer-generated communications information, known as CPNI.
Information disclosed in this breach includes phone numbers, call logs and the number of lines on the account.
T-Mobile reported on notice Data breach: CPNI customer-owned network information was accessed as defined by the FCC rules.
She added: CPNI accessed may include the phone number, number of subscribed lines to your account, and in some cases, information regarding calls collected as part of the normal operation of your wireless service.
T-Mobile states that the data breach did not disclose account holders’ names, physical addresses, email addresses, financial data, credit card information, Social Security numbers, tax IDs, passwords, or personal identification numbers.
In a statement, T-Mobile stated that this breach affected a small number of customers (less than 0.2 percent), and T-Mobile has close to 100 million customers, equivalent to about 200,000 people affected by this violation.
The company said: We are currently informing a small number of customers that some information regarding their accounts may have been accessed illegally.
The data accessed did not include any account-related names, financial data, credit card information, social networks, security numbers, passwords, PINs, email or physical addresses.
The information accessed may include phone numbers, number of subscribed lines, and in a small number of cases some information about calls collected as part of the normal operation of the service.
Those who have received the text alert about this breach should be on the lookout for suspicious text messages claiming to be from T-Mobile that request information or contain links to non-company webpages.
It is not uncommon for attackers to use the stolen information for more targeted phishing campaigns that attempt to steal sensitive information, such as: login names and passwords.
T-Mobile previously suffered from violations in 2018 that revealed customer information, as well as violations in 2019 that revealed prepaid customer information, while in March 2020 it disclosed customer data and financial data.