Hackers breach T-Mobile customer records

The breach, which affects around 200,000 customers, contains data types the FCC considers "highly sensitive"

Customers line up outside a T-Mobile store

T-Mobile has suffered a data breach affecting information government agencies consider highly sensitive. The breach is the company's fourth since 2018.

The breach affected about 200,000 customers, according to reports, and T-Mobile said the breach impacted a range of information, including customer phone numbers, the number of lines subscribed on their account, and possibly call-related information collected as part of their cellular service.

It didn't affect personally identifiable information, such as names, addresses, email addresses, financial data, social security numbers, or PINs.

The information affected still represents a serious risk. The leaked data is known as customer proprietary network information (CPNI), and the Federal Communications Commission (FCC) considers it "some of the most sensitive information that carriers and providers have about their customers." CPNI includes the phone numbers the customer called, when they made the calls, and how long the calls were. This is otherwise known as call metadata, and intelligence agencies have long sought it for surveillance purposes.

"Our Cybersecurity team recently discovered and shut down malicious, unauthorized access to some information related to your T-Mobile account," T-Mobile said in the statement on its website.

"We immediately started an investigation, with assistance from leading cybersecurity forensics experts, to determine what happened and what information was involved. We also immediately reported this matter to federal law enforcement and are now in the process of notifying impacted customers."

This isn't the first data breach T-Mobile has suffered. In 2018, the company warned users someone had unauthorized access to information, including their phone number, email address, account number, and date of birth. 

In November 2019, T-Mobile admitted a systems breach had affected over 1 million customers. That heist targeted information related to prepaid wireless accounts and included names, addresses, phone numbers, and other CPNI data. In March 2020, the company also notified customers that the breach might have compromised their personal and financial information.

In April 2020, T-Mobile US completed its $26 billion merger with US carrier Sprint Corporation to build a nationwide 5G network.

Featured Resources

Choosing a collaboration platform

Eight questions every IT leader should ask

Download now

Performance benchmark: PostgreSQL/ MongoDB

Helping developers choose a database

Download now

Customer service vs. customer experience

Three-step guide to modern customer experience

Download now

Taking a proactive approach to cyber security

A complete guide to penetration testing

Download now

Recommended

What is hacktivism?
hacking

What is hacktivism?

22 Apr 2021
Unsecured cloud storage led to data exposure at New England energy company
data protection

Unsecured cloud storage led to data exposure at New England energy company

22 Apr 2021
eBay, Apple, Microsoft, Facebook, and Google were phishers’ top targets in 2020
phishing

eBay, Apple, Microsoft, Facebook, and Google were phishers’ top targets in 2020

20 Apr 2021
HackBoss malware is using Telegram to steal cryptocurrency from other hackers
cryptocurrencies

HackBoss malware is using Telegram to steal cryptocurrency from other hackers

16 Apr 2021

Most Popular

How to find RAM speed, size and type
Laptops

How to find RAM speed, size and type

8 Apr 2021
Microsoft is submerging servers in boiling liquid to prevent Teams outages
data centres

Microsoft is submerging servers in boiling liquid to prevent Teams outages

7 Apr 2021
REvil threatens to release Apple’s hardware schematics
ransomware

REvil threatens to release Apple’s hardware schematics

21 Apr 2021