T-Mobile has suffered a data breach affecting information government agencies consider highly sensitive. The breach is the company's fourth since 2018.
The breach affected about 200,000 customers, according to reports, and T-Mobile said the breach impacted a range of information, including customer phone numbers, the number of lines subscribed on their account, and possibly call-related information collected as part of their cellular service.
It didn't affect personally identifiable information, such as names, addresses, email addresses, financial data, social security numbers, or PINs.
The information affected still represents a serious risk. The leaked data is known as customer proprietary network information (CPNI), and the Federal Communications Commission (FCC) considers it "some of the most sensitive information that carriers and providers have about their customers." CPNI includes the phone numbers the customer called, when they made the calls, and how long the calls were. This is otherwise known as call metadata, and intelligence agencies have long sought it for surveillance purposes.
"Our Cybersecurity team recently discovered and shut down malicious, unauthorized access to some information related to your T-Mobile account," T-Mobile said in the statement on its website.
"We immediately started an investigation, with assistance from leading cybersecurity forensics experts, to determine what happened and what information was involved. We also immediately reported this matter to federal law enforcement and are now in the process of notifying impacted customers."
This isn't the first data breach T-Mobile has suffered. In 2018, the company warned users someone had unauthorized access to information, including their phone number, email address, account number, and date of birth.
In November 2019, T-Mobile admitted a systems breach had affected over 1 million customers. That heist targeted information related to prepaid wireless accounts and included names, addresses, phone numbers, and other CPNI data. In March 2020, the company also notified customers that the breach might have compromised their personal and financial information.
In April 2020, T-Mobile US completed its $26 billion merger with US carrier Sprint Corporation to build a nationwide 5G network.
-
Should AI PCs be part of your next hardware refresh?AI PCs are fast becoming a business staple and a surefire way to future-proof your business
-
Westcon-Comstor and Vectra AI launch brace of new channel initiativesNews Westcon-Comstor and Vectra AI have announced the launch of two new channel growth initiatives focused on the managed security service provider (MSSP) space and AWS Marketplace.
-
Capita tells pension provider to 'assume' nearly 500,000 customers' data stolenCapita told the pension provider to “work on the assumption” that data had been stolen
-
Gumtree site code made personal data of users and sellers publicly accessibleNews Anyone could scan the website's HTML code to reveal personal information belonging to users of the popular second-hand classified adverts website
-
Pizza chain exposed 100,000 employees' Social Security numbersNews Former and current staff at California Pizza Kitchen potentially burned by hackers
-
83% of critical infrastructure companies have experienced breaches in the last three yearsNews Survey finds security practices are weak if not non-existent in critical firms
-
Identity Automation launches credential breach monitoring serviceNews New monitoring solution adds to the firm’s flagship RapidIdentity platform
-
Neiman Marcus data breach hits 4.6 million customersNews The breach took place last year, but details have only now come to light
-
Indiana notifies 750,000 after COVID-19 tracing data accessedNews The state is following up to ensure no information was transferred to bad actors
-
Pearson fined $1 million for downplaying severity of 2018 breachNews The SEC found the London-based firm made “misleading statements and omissions” about the intrusion
