Mobile telecommunication company T-Mobile has revealed a security incident that compromised its customers’ sensitive data, including personal identification numbers (PINs). In a data breach notice, the company stated that an unknown hacker gained access to customers’ account information. T-Mobile alerted the affected customers and reported the issue to the U.S. attorney generals’ offices.
While there is no evidence whether the attackers gained access to the employees’ accounts, T-Mobile claimed that there is a chance of SIM Swapping attacks as the attackers were able to port mobile numbers.
Sensitive Data at Risk
The information accessed by threat actors included customers’ full names, addresses, email addresses, account numbers, social security numbers, account details, account security questions and answers, birth dates, plan information, and the number of lines subscribed to their accounts.
“An unknown actor gained access to certain account information. It appears the actor may then have used this information to port your line to a different carrier without your authorization. T-Mobile identified this activity, terminated the unauthorized access, and implemented measures to protect against reoccurrence,” a T-Mobile spokesperson said.
T-Mobile urged the affected customers to change their account’s password, PIN, and their security questions and answers for further security. The telecom giant is also offering two years of free credit monitoring and identity theft detection services to the impacted customers in the incident.
One Telecom – Multiple Data Breaches
This is not the first time that T-Mobile has faced a data breach. In 2020, the company alerted customers about the attack against its email vendor that led to unauthorized access to certain T-Mobile employee email accounts, which contained account information of customers and employees.
In 2018, a data breach compromised the personal information of around two million T-Mobile users. The compromised data included names, email addresses, account numbers, and other billing information of its customers.