Hackers breach T-Mobile customer records

The breach, which affects around 200,000 customers, contains data types the FCC considers "highly sensitive"

Customers line up outside a T-Mobile store

T-Mobile has suffered a data breach affecting information government agencies consider highly sensitive. The breach is the company's fourth since 2018.

The breach affected about 200,000 customers, according to reports, and T-Mobile said the breach impacted a range of information, including customer phone numbers, the number of lines subscribed on their account, and possibly call-related information collected as part of their cellular service.

It didn't affect personally identifiable information, such as names, addresses, email addresses, financial data, social security numbers, or PINs.

The information affected still represents a serious risk. The leaked data is known as customer proprietary network information (CPNI), and the Federal Communications Commission (FCC) considers it "some of the most sensitive information that carriers and providers have about their customers." CPNI includes the phone numbers the customer called, when they made the calls, and how long the calls were. This is otherwise known as call metadata, and intelligence agencies have long sought it for surveillance purposes.

"Our Cybersecurity team recently discovered and shut down malicious, unauthorized access to some information related to your T-Mobile account," T-Mobile said in the statement on its website.

"We immediately started an investigation, with assistance from leading cybersecurity forensics experts, to determine what happened and what information was involved. We also immediately reported this matter to federal law enforcement and are now in the process of notifying impacted customers."

This isn't the first data breach T-Mobile has suffered. In 2018, the company warned users someone had unauthorized access to information, including their phone number, email address, account number, and date of birth. 

In November 2019, T-Mobile admitted a systems breach had affected over 1 million customers. That heist targeted information related to prepaid wireless accounts and included names, addresses, phone numbers, and other CPNI data. In March 2020, the company also notified customers that the breach might have compromised their personal and financial information.

In April 2020, T-Mobile US completed its $26 billion merger with US carrier Sprint Corporation to build a nationwide 5G network.

Featured Resources

Managing security risk and compliance in a challenging landscape

How key technology partners grow with your organisation

Download now

Evaluate your order-to-cash process

15 recommended metrics to benchmark your O2C operations

Download now

AI 360: Hold, fold, or double down?

How AI can benefit your business

Download now

Getting started with Azure Red Hat OpenShift

A developer’s guide to improving application building and deployment capabilities

Download now

Recommended

FBI warns of ongoing corporate vishing attacks
phishing

FBI warns of ongoing corporate vishing attacks

19 Jan 2021
Hackers using COVID vaccine as a lure to spread malware
hacking

Hackers using COVID vaccine as a lure to spread malware

15 Jan 2021
Cyber criminals bypassing MFA to access cloud service accounts
two-factor authentication (2FA)

Cyber criminals bypassing MFA to access cloud service accounts

14 Jan 2021
Capcom data breach adds another 40,000 estimated victims
data breaches

Capcom data breach adds another 40,000 estimated victims

13 Jan 2021

Most Popular

IT retailer faces €10.4m GDPR fine for employee surveillance
General Data Protection Regulation (GDPR)

IT retailer faces €10.4m GDPR fine for employee surveillance

18 Jan 2021
Citrix buys Slack competitor Wrike in record $2.25bn deal
collaboration

Citrix buys Slack competitor Wrike in record $2.25bn deal

19 Jan 2021
Should IT departments call time on WhatsApp?
communications

Should IT departments call time on WhatsApp?

15 Jan 2021