Sponsored Links

T-Mobile warns customers of second data breach in less than a year

The scope of the attack was small, but not inconsequential.
KRAKOW, POLAND - 2020/12/09: A T mobile logo is seen inside a shopping mall. (Photo by Omar Marques/SOPA Images/LightRocket via Getty Images)
SOPA Images via Getty Images
Chris Velazco
Chris Velazco|@chrisvelazco|December 31, 2020 12:21 PM

As if 2020 weren't bad enough, some T-Mobile customers are winding down the year with word of a data breach. According to reports from BleepingComputer and AndroidPolice, T-Mobile has within the past few days begun to notify affected subscribers of "malicious, unauthorized access" to some of their account information.

"We immediately started an investigation, with assistance from leading cybersecurity forensics experts, to determine what happened and what information was involved," the carrier said in a security notice shared with customers. "We also immediately reported this matter to federal law enforcement and are now in the process of notifying impacted customers."

Thankfully, compared to the kinds of data hackers obtained in prior attacks on the carrier and its partners, the scope of this most recent incident is considerably narrower. T-Mobile said the attack was limited to what the FCC regards as "customer proprietary network information," which can include phone numbers, the number of lines associated with the account, and potentially information about calls placed, like phone numbers called, timing and duration. The carrier further stressed that the data accessed "did not include names on the account, physical or email addresses, financial data, credit card information, social security numbers, tax ID, passwords or PINs."

Turn on browser notifications to receive breaking news alerts from Engadget
You can disable notifications at any time in your settings menu.
Not now

In a statement provided to BleepingComputer, the carrier said that the breach affected only a small fraction -- less than 0.2 percent -- of the more than 100 million people in its subscriber base. That may not sound like many at all, but the math still works out to some 200,000 potentially affected people. More importantly, those who have been contacted by T-Mobile should do their best to stay on guard. While the data obtained may not be enough to put those people at immediate risk, it could still be used in tandem with information obtained in other leaks and data breaches to coordinate phishing attempts and social engineering attacks. (We have contacted T-Mobile for comment, and will update this story if the company responds.)

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission. All prices are correct at the time of publishing.
T-Mobile warns customers of second data breach in less than a year