T-Mobile Notifies Customers of a Data Breach Involving 200,000+ Users
Table of Contents
- By Dawna M. Roberts
- Published: Jan 05, 2021
- Last Updated: Mar 18, 2022
T-Mobile experienced a data breach in early December, and on Tuesday, they announced that some of its customers’ proprietary network information (CPNI) might have been exposed.
Who is T-Mobile?
T-Mobile U.S., Inc. is a wireless network carrier offering phones and wireless phone services to American customers. They provide wireless voice and data services across all U.S. states. T-Mobile is a favorite among customers due to its flexible and inexpensive pricing plans, and deep discounts, especially for people over the age of 50. Since merging with Sprint, they offer even more plans, and deals meant to entice customers away from the competition. They even provide free iPhones (the latest version) in hopes of scooping more market share. T-Mobile was one of the first carriers to offer nationwide 5G service. They claim to have the largest 5G network in the county.
In April 2020, T-Mobile merged with Sprint Corporation, and now Sprint is a subsidiary of T-Mobile. Their brand is recognized by a bright pink rectangular logo with the word T-Mobile in the center.
T-Mobile started out as VoiceStream Wireless PCS in 1994, which was a subsidiary of Western Wireless Corporation. In May of 1999, Deutsche Telekom AG purchased the company and then in 2001 rebranded it as T-Mobile USA, Inc. In 2013 MetroPCS merged with T-Mobile, and the name became T-Mobile U.S.
T-Mobile reported earnings of $19.3 billion and more than 100.4 million customers on their third-quarter financial statements for 2020.
About the Breach
A spokesperson for the wireless vendor told Security Media Group that about 200,000 (roughly 2%) of their customer base was part of a data breach that occurred in December. The customer data breached included phone numbers, number of lines, and some customer call-related information.
According to their public announcement, T-mobile said, “Our cybersecurity team recently discovered and shut down malicious, unauthorized access to some information related to your T-Mobile account. We immediately started an investigation, with assistance from leading cybersecurity forensics experts, to determine what happened and what information was involved. We also immediately reported this matter to federal law enforcement and are now in the process of notifying impacted customers.”
T-Mobile assured customers that no personally identifiable information (PII) was included in the breach. The spokesperson for T-Mobile commented, “The data accessed did NOT include any names associated with the account, financial data, credit card information, social security numbers, passwords, PINs or physical or email addresses.”
The breach did involve customer proprietary network information (CPNI) and the FCC defines this as “CPNI includes some of the most sensitive personal information that carriers and providers have about their customers as a result of their business relationship (e.g., phone numbers called; the frequency, duration, and timing of such calls; and any services purchased by the consumer, such as call waiting).”
How T-Mobile Responded
On Tuesday, T-Mobile started notifying customers via text messages. They also posted a customer notification on their website that informed users but also reassured them that no identity theft information was stolen.
Their notice also included an apology and an 800-number should customers have any additional questions or concerns. It was signed by the Chief Marketing Officer, Matt Staff.
T-Mobile declined to comment further about what “call data” referred to and said there was an ongoing investigation into the incident.
How T-Mobile Customers Can Stay Safe
Security experts warn T-Mobile customers that they are at extreme risk of phishing texts by cybercriminals because their phone numbers were exposed. Some of the ways that T-Mobile customers can remain safe are:
- Ignore any text messages that come in referencing the breach and asking you to click a link.
- Watch out for phishing emails. Your phone number could easily be used to find your name, address, and other information. There are treasure troves of this information on the dark web.
- Do not share your T-Mobile logins with anyone.
- Keep a close eye on your T-Mobile account and any charges you do not recognize on your bill.
- Watch out for spam calls especially relating to data breaches, hacked computers, or other hardware. Often scammers will call you pretending to be tech support people wanting to help “fix the problem” when they are really only after your money.
- Sign up for credit monitoring to keep an eye on all your accounts.
- Get a copy of your credit reports to look for anything suspicious.
- Consider a credit freeze so no one can open accounts in your name.
- Never click a link in an email (even if it looks legitimate). Go to the website instead.
- Do not share personally identifiable information (PII) with anyone who does not need it.
- Do not download attachments from email or text messages.
Your best defense after a data breach is to remain alert and use common sense. Before taking any action, think about it, investigate, and then do so safely.