Skip to content

T-Mobile says hackers stole customer data in data breach

ff8858_706f6d4f581c450db2e7bbd40f378004_mv2

T-Mobile has confirmed hackers breached its systems.

The cell giant, currently merging with Sprint, said in a statement that hackers customer stole names, billing zip codes, phone numbers, email addresses, account numbers, and account type — such as if an account was prepaid or postpaid — in what the company described as an “unauthorized capture of data.”

No customer financial or billing data was compromised, the company said.

It’s not known when the breach occurred but the unauthorized access was detected and shut down on Monday.

A T-Mobile spokesperson told TechCrunch that the breach was “discovered and stopped very quickly,” and “affected a small number” of customers. But Motherboard reported that a spokesperson said about 3 percent of the company’s 77 million users were affected — some 2 million accounts.

T-Mobile began notifying customers of the breach Friday morning with a text message sent to affected accounts. But that drew ire from some, who said the shortlink in the text message looked like phishing.

This is the latest in a string of security incidents at T-Mobile in the past year.

In May, a security researcher found a security weakness in a T-Mobile subdomain used by staff, which returned customer data without requiring a password. It was similar to a vulnerability found in another T-Mobile system reported by Motherboard some months prior, which exposed customers’ email addresses, their billing account numbers, and the phone’s IMSI numbers.

T-Mobile and other carriers earlier this year were also forced to stop sharing customer location data with third-parties, after Democratic senator Ron Wyden criticized the cell giants for the practice.

Related News

Girls, keep your clothes on. 1

Girls, keep your clothes on.

December 11, 2018
Synthetic Identity 2

Synthetic Identity

August 22, 2018
Identity Protection cleanup 3

Identity Protection cleanup

October 29, 2018