T-Mobile has told some customers of a “security incident” in which a malicious party “may have impacted some of your T-Mobile account information.”
A web page to which some customers were pointed states that the stolen data “may have included phone number, number of lines subscribed to on your account and, in some cases, call-related information collected as part of the normal operation of your wireless service.”
The intruder or intruders did not, T-Mobile stated, have access to “names on the account, physical or email addresses, financial data, credit card information, social security numbers, tax ID, passwords, or PINs.”
“We immediately started an investigation, with assistance from leading cybersecurity forensics experts, to determine what happened and what information was involved,” T-Mobile states in the notice. “We also immediately reported this matter to federal law enforcement and are now in the process of notifying impacted customers.”
T-Mobile began informing customers of the incident on Dec. 29, according to the tech website bleepingcomputer.com, which was among the first news outlets to report the breech.
The breech occurred in December, the site reported, and appeared to affect about 200,000 T-Mobile customers.
Customers whose call data has been compromised, even if their names haven’t been obtained, are at heightened risk of attacks such as phishing by bad actors pretending to be mobile carriers.
T-Mobile previously suffered a data breach in March. That incident, the company stated at the time, involved some of the same information that was compromised in the latest incident. Unlike the recent incident, however, the March episode also involved customers’ names.