T-Mobile data breach exposes the phone numbers of thousands of customers

T-Mobile security teams revealed that the company’s systems have been affected by a data breach that would have exposed sensitive user details, including their phone numbers and call logs. The company has already begun notifying potentially affected users.

In its report, the company mentions that its security teams recently discovered “malicious and unauthorized access” to their systems. In collaboration with a cybersecurity company, T-Mobile concluded that malicious hackers accessed sensitive information, identified by the company as “CPNI records”.

La imagen tiene un atributo ALT vacío; su nombre de archivo es tmobile30122020.jpg

“Threat actors accessed Customer Owned Network Information (CPNI), which includes phone numbers, lines enrolled in the account, and, in some cases, information related to calls made or received by users,” the notification states. T-Mobile also notes that users’ personal information (full names, addresses, email addresses, etc.) was not compromised during the incident.

Through a shared statement with the cybersecurity community, the company also stated that the incident affected less than 2% of its users globally: “We will be notifying this small number of users about the situation. To be clear, certain account-related information may have been illegally accessed; your personal data is completely safe,” says T-Mobile.

Users who have received the notification (sent via SMS) should remain alert to any suspicious text message or phone call. This is not the first time T-Mobile is experiencing a similar incident. In 2018, the company exposed the phone numbers of thousands of users, who were exposed to phishing attacks to try to get more sensitive information for subsequent attacks.