T-Mobile security teams revealed that the company’s systems have been affected by a data breach that would have exposed sensitive user details, including their phone numbers and call logs. The company has already begun notifying potentially affected users.
In its report, the company mentions that its security teams recently discovered “malicious and unauthorized access” to their systems. In collaboration with a cybersecurity company, T-Mobile concluded that malicious hackers accessed sensitive information, identified by the company as “CPNI records”.
“Threat actors accessed Customer Owned Network Information (CPNI), which includes phone numbers, lines enrolled in the account, and, in some cases, information related to calls made or received by users,” the notification states. T-Mobile also notes that users’ personal information (full names, addresses, email addresses, etc.) was not compromised during the incident.
Through a shared statement with the cybersecurity community, the company also stated that the incident affected less than 2% of its users globally: “We will be notifying this small number of users about the situation. To be clear, certain account-related information may have been illegally accessed; your personal data is completely safe,” says T-Mobile.
Users who have received the notification (sent via SMS) should remain alert to any suspicious text message or phone call. This is not the first time T-Mobile is experiencing a similar incident. In 2018, the company exposed the phone numbers of thousands of users, who were exposed to phishing attacks to try to get more sensitive information for subsequent attacks.
He is a cyber security and malware researcher. He studied Computer Science and started working as a cyber security analyst in 2006. He is actively working as an cyber security investigator. He also worked for different security companies. His everyday job includes researching about new cyber security incidents. Also he has deep level of knowledge in enterprise security implementation.