9

T-Mobile warns customers of second data breach in less than a year

 3 years ago
source link: https://www.engadget.com/t-mobile-data-breach-security-phone-number-hack-2020-172117333.html
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.

T-Mobile warns customers of second data breach in less than a year

The scope of the attack was small, but not inconsequential.
KRAKOW, POLAND - 2020/12/09: A T mobile logo is seen inside a shopping mall. (Photo by Omar Marques/SOPA Images/LightRocket via Getty Images) SOPA Images via Getty Images

As if 2020 weren't bad enough, some T-Mobile customers are winding down the year with word of a data breach. According to reports from BleepingComputerand AndroidPolice, T-Mobile has within the past few days begun to notify affected subscribers of "malicious, unauthorized access" to some of their account information.

"We immediately started an investigation, with assistance from leading cybersecurity forensics experts, to determine what happened and what information was involved," the carrier said in a security notice shared with customers. "We also immediately reported this matter to federal law enforcement and are now in the process of notifying impacted customers."

Thankfully, compared to the kinds of data hackers obtained in prior attacks on the carrier and its partners, the scope of this most recent incident is considerably narrower. T-Mobile said the attack was limited to what the FCC regards as "customer proprietary network information," which can include phone numbers, the number of lines associated with the account, and potentially information about calls placed, like phone numbers called, timing and duration. The carrier further stressed that the data accessed "did not include names on the account, physical or email addresses, financial data, credit card information, social security numbers, tax ID, passwords or PINs."

In a statement provided to BleepingComputer, the carrier said that the breach affected only a small fraction -- less than 0.2 percent -- of the more than 100 million people in its subscriber base. That may not sound like many at all, but the math still works out to some 200,000 potentially affected people. More importantly, those who have been contacted by T-Mobile should do their best to stay on guard. While the data obtained may not be enough to put those people at immediate risk, it could still be used in tandem with information obtained in other leaks and data breaches to coordinate phishing attempts and social engineering attacks. (We have contacted T-Mobile for comment, and will update this story if the company responds.)

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.

report

Recommend

About Joyk


Aggregate valuable and interesting links.
Joyk means Joy of geeK