 |
| T-Mobile warns customers about data breaches |
T-Mobile announced a data breach displaying network information from CPNI customers, including phone numbers and call logs.
T-Mobile has started sending an SMS to customers informing them that a security incident has exposed their account information. According to the company, the security team recently discovered malicious and unauthorized access to its system.
After T-Mobile brought in a cybersecurity company for investigation, it found that threat actors had access to customer-generated communications information, specifically CPNI.
The information disclosed in this breach includes phone numbers, call logs, and the number of lines in the account.
T-Mobile noted in the Data Leak Notice: Per FCC rules, it obtained network information from CPNI customers.
She added: The CPNI you've visited may include phone numbers, the number of lines booked for your account, and in some cases, information about calls collected as part of the normal operation of cellular services.
According to T-Mobile, the name, physical address, email address, financial details, credit card information, Social Security number, tax number, password or PIN code for the account holder were not provided in the data breach.
T-Mobile said in a statement that the breach affected a small number of customers (less than 0.2%). T-Mobile has nearly 100 million customers, or nearly 200,000 people, affected by this abuse.
We are currently warning a small number of customers that some of their account information may have been accessed illegally, the company said.
The information shown does not include account names, financial information, credit card information, social media, security numbers, passwords, personal identification numbers, emails or physical addresses.
The information available may include phone numbers, number of reserved lines, and in some cases, certain information related to calls collected as part of the normal operation of the service.
Those who have received text notifications of this breach should watch out for suspicious text messages, allegedly from T-Mobile, requesting information or containing links to non-company websites.
Attackers typically use the stolen information for more targeted phishing activities that attempt to steal sensitive information such as login names and passwords.
T-Mobile actually violated customer information breaches in 2018 and identified prepaid customer information violations in 2019. As of March 2020, customer and financial data has been compromised.