Mobile telecommunication company T-Mobile US, Inc. has revealed a security incident that compromised some of its customers’ personal information. In an official announcement, the company alerted customers about the attack against its email vendor that led to unauthorized access to certain T-Mobile employee email accounts, which contained account information of T-Mobile customers and employees.
The information accessed in the incident included customer names, addresses, phone numbers, billing information, email addresses, account numbers, and rate plans. According to the company, the people behind the breach have not accessed financial data like credit card numbers, social security numbers, and passwords.
On the bright side, T-Mobile’s incidence response team has informed that they didn’t find any evidence on misuse of the exposed data. However, the company urged its users to review their account information and update account passwords. They further reported the breach incidence to the concerned authorities and are taking appropriate legal actions.
“Our Cybersecurity team recently identified and shut down a malicious attack against our email vendor that led to unauthorized access to certain T-Mobile employee email accounts, some of which contained account information for T-Mobile customers and employees. An investigation was immediately commenced, with assistance from leading cybersecurity forensics experts, to determine what happened and what information was affected. We immediately reported this matter to federal law enforcement and are actively cooperating in their investigation,” T-mobile said in a statement.
This is not the first time that T-Mobile has faced a data breach. In 2018, a data breach had compromised around 2 million users’ personal information of the U.S. telco. T-Mobile, in an announcement, informed its customers about the security breach that was discovered and stopped on August 20, 2018. The compromised data had included names, email addresses, account numbers, and other billing information of its customers. However, financial data like credit card numbers, social security numbers, and passwords were not affected in that incident as well.