Latest in Gear

Image credit: SOPA Images via Getty Images

T-Mobile warns customers of second data breach in less than a year

The scope of the attack was small, but not inconsequential.
Chris Velazco, @chrisvelazco
December 31, 2020
1019 Shares
Share
Tweet
Share

Sponsored Links

KRAKOW, POLAND - 2020/12/09: A T mobile logo is seen inside a shopping mall. (Photo by Omar Marques/SOPA Images/LightRocket via Getty Images)
SOPA Images via Getty Images

As if 2020 weren't bad enough, some T-Mobile customers are winding down the year with word of a data breach. According to reports from BleepingComputer and AndroidPolice, T-Mobile has within the past few days begun to notify affected subscribers of "malicious, unauthorized access" to some of their account information.

"We immediately started an investigation, with assistance from leading cybersecurity forensics experts, to determine what happened and what information was involved," the carrier said in a security notice shared with customers. "We also immediately reported this matter to federal law enforcement and are now in the process of notifying impacted customers."

Thankfully, compared to the kinds of data hackers obtained in prior attacks on the carrier and its partners, the scope of this most recent incident is considerably narrower. T-Mobile said the attack was limited to what the FCC regards as "customer proprietary network information," which can include phone numbers, the number of lines associated with the account, and potentially information about calls placed, like phone numbers called, timing and duration. The carrier further stressed that the data accessed "did not include names on the account, physical or email addresses, financial data, credit card information, social security numbers, tax ID, passwords or PINs."

In a statement provided to BleepingComputer, the carrier said that the breach affected only a small fraction -- less than 0.2 percent -- of the more than 100 million people in its subscriber base. That may not sound like many at all, but the math still works out to some 200,000 potentially affected people. More importantly, those who have been contacted by T-Mobile should do their best to stay on guard. While the data obtained may not be enough to put those people at immediate risk, it could still be used in tandem with information obtained in other leaks and data breaches to coordinate phishing attempts and social engineering attacks. (We have contacted T-Mobile for comment, and will update this story if the company responds.)

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Comment
Comments
Share
1019 Shares
Share
Tweet
Share

Popular on Engadget

Presenting the Best of CES 2021 winners!

Presenting the Best of CES 2021 winners!

View
Canon made a site that lets you 'take photos' from a real satellite

Canon made a site that lets you 'take photos' from a real satellite

View
'Hitman 3' owners won't have to buy earlier games to play their maps

'Hitman 3' owners won't have to buy earlier games to play their maps

View
Samsung heir Jay Y. Lee is going back to jail for bribery

Samsung heir Jay Y. Lee is going back to jail for bribery

View
Audi and BMW shut down car subscription programs

Audi and BMW shut down car subscription programs

View

From around the web

Page 1Page 1ear iconeye iconFill 23text filevr