U.S. telecom provider T-Mobile has announced that it recently suffered a security breach that compromised an unspecified number of customers’ phone numbers as well as customer proprietary network information that included call-related information and the number of lines subscribed to individual accounts.
In a security incident notification published on the telecom provider’s website, Matt Staneff, the chief marketing officer of T-Mobile USA, said the malicious, unauthorised access to its IT systems was recently discovered and quickly shut by the cybersecurity team before hackers could gain access to customers’ personal information.
Even though hackers managed to gain access to customer proprietary network information that T-Mobile collects as mandated by the Federal Communications Commission, Staneff said the breach did not compromise customers’ names, physical or email addresses, financial data, credit card information, social security numbers, tax ID, passwords, or PINs.
— Graham Cluley (@gcluley) January 5, 2021
“Our Cybersecurity team recently discovered and shut down malicious, unauthorized access to some information related to your T-Mobile account. We immediately started an investigation, with assistance from leading cybersecurity forensics experts, to determine what happened and what information was involved. We also immediately reported this matter to federal law enforcement and are now in the process of notifying impacted customers.
“Customer proprietary network information (CPNI) as defined by the Federal Communications Commission (FCC) rules was accessed. The CPNI accessed may have included phone numbers, number of lines subscribed to on your account and, in some cases, call-related information collected as part of the normal operation of your wireless service.
“As stated above, the data accessed did not include names on the account, physical or email addresses, financial data, credit card information, social security numbers, tax ID, passwords, or PINs,” he added.
According to cyber security expert Graham Cluley, this is the fourth security breach T-Mobile has suffered in the past three years. The previous breaches involved hackers stealing the names, phone numbers, account numbers, zip codes, and email addresses of over two million T-Mobile customers in August 2018, hackers stealing the personal information of over one million prepaid users in November 2019, and hackers breaking into employees’ email accounts and stealing customer account information in March last year.