Thankfully, compared to the kinds of data hackers obtained in prior attacks on the carrier and its partners, the scope of this most recent incident is considerably narrower. T-Mobile said the attack was limited to what the FCC regards as "customer proprietary network information," which can include phone numbers, the number of lines associated with the account, and potentially information about calls placed, like phone numbers called, timing and duration. The carrier further stressed that the data accessed "did not include names on the account, physical or email addresses, financial data, credit card information, social security numbers, tax ID, passwords or PINs."
In a statement provided to BleepingComputer, the carrier said that the breach affected only a small fraction -- less than 0.2 percent -- of the more than 100 million people in its subscriber base. That may not sound like many at all, but the math still works out to some 200,000 potentially affected people. More importantly, those who have been contacted by T-Mobile should do their best to stay on guard. While the data obtained may not be enough to put those people at immediate risk, it could still be used in tandem with information obtained in other leaks and data breaches to coordinate phishing attempts and social engineering attacks. (We have contacted T-Mobile for comment, and will update this story if the company responds.)