United States telecommunications giant T-Mobile has unveiled that the personal data of its employees and customers have been hacked. This is the second security breach T-Mobile has admitted in the last six months.
T-Mobile Data Breach
“The Cybersecurity team discovered and shut down malicious, unauthorized access to some information related to the T-Mobile account”, T-Mobile said in a notice of data breach.
The data accessed did not include names on the account, physical or email addresses, financial data, credit card information, social security numbers, tax ID, passwords, or PINs.
With support from leading cybersecurity forensics experts, the company started an investigation to determine what happened and what information was involved.
What information was involved?
T-Mobile has found that threat actors gained access to telecommunications information generated by customers, known as CPNI.
Customer Proprietary Network Information (CPNI) as defined by the Federal Communications Commission (FCC) rules was accessed.
The CPNI accessed can include a phone number, number of lines in an account and some cases, call-related information collected as part of the normal operation of wireless service.
Measures Executed by T-Mobile
The company is sending out SMS notifications to all impacted users. The company also informed that those who received the text alert about this breach should be on the lookout for suspicious texts claiming to be from T-Mobile asking for information or containing links to non-T-Mobile web pages.
It is not uncommon for threat actors to use stolen information for further targeted phishing campaigns that attempt to steal sensitive information such as login names and passwords.
T-Mobile earlier suffered from breaches in 2018 that exposed customer information, in 2019 for prepaid customers, and in March 2020 that exposed customer and financial data.
As a final point, the company ensures to work further to enhance security measures to mitigate these types of activities.