Industry Updates

Security Incident Exposes Some T-Mobile Customer Data

In 2020, there have been a number of high-profile data breaches, and as we move closer to the end of the year, we have yet another to report.

This time, cellular carrier T-Mobile is the victim, having recently disclosed a security incident that exposed the phone numbers and call records of some of the company’s customers.

The company’s official statement on the matter reads in part, as follows:

We are currently notifying a small number of customers (less than 0.2 percent) that some information related to their account may have been illegally accessed. The data accessed did NOT include any names associated with the account, financial data, credit card information, social security numbers, passwords, PINs or physical or email addresses. The information that was accessed may have included phone numbers, number of lines subscribed to and in a small number of cases some call-related information collected as part of normal operation and service.”

There are a couple of points that stand out in this part of the company’s notification. First, the scope and scale of the attack appears to have been quite limited, thanks to the rapid response of the company’s security staff.

Second, although any data loss is a bad thing, it does not appear that any immediately financially impactful information like names and payment card information was stolen. That’s small consolation to anyone who values their privacy, but the damage clearly wasn’t as bad as it could have been.

Even so, clever hackers can use the information that was gleaned to make phishing attacks, so if you’ve received a text message from T-Mobile indicating that your information was accessed during the breach, be mindful of the fact that you may begin receiving unsolicited communications, most likely spoofing T-Mobile, in a bid to get more information from you.