T-Mobile discloses its fourth data breach in three years
US telecommunications provider T-Mobile disclosed a security breach last week, its fourth data breach in the past three years, after incidents in August 2018, November 2019, and March 2020.
"Our Cybersecurity team recently discovered and shut down malicious, unauthorized access to some information related to your T-Mobile account," the company said in letters sent to customers, obtained by ZDNet, and on a page on its official website.
T-Mobile said it investigated the incident with the help of cybersecurity experts.
The investigation found that hackers accessed customer details such as phone numbers, the number of lines subscribed to an account, and, in some cases, call-related information, which T-Mobile said it collected as part of the normal operation of its wireless service.
"The data accessed did not include names on the account, physical or email addresses, financial data, credit card information, social security numbers, tax ID, passwords, or PINs," the company said.
Since no personal or financial information was exposed, T-Mobile is not providing free credit monitoring services, but only notifying customers, per US state laws.
A T-Mobile spokesperson said the breach only impacted 0.2% of the company's total userbase, which puts the number at around 200,000.
The security breach does not look as bad as the company's previous security breaches, primarily due to the smaller number of affected customers and the less sensitive nature of the exposed data.
These previous breaches included a March 2020 incident (when T-Mobile said hackers gained access to both its employees and customers data, including employee email accounts), a November 2019 incident (when T-Mobile said it "discovered and shut down" unauthorized access to the personal data of its customers), and an August 2018 incident (when T-Mobile said hackers gained access to the personal details of 2 million of its customers).
Before it merged with T-Mobile in 2020, Sprint also disclosed two security breaches in 2019 as well, one in May and a second in July.