The telecom giant T-Mobile has reported a breach that has exposed proprietary network information (CPNI) of its customers. According to the information that has been disclosed, the data that has been affected includes telephone numbers and call logs.
T-Mobile started sending text messages to its customers yesterday with a warning that their account details were leaked in a “security incident”.
As per the announcement, the security team of T-Mobile has recently found “malicious, unauthorized access” to its networks.
The company has hired a cybersecurity firm to investigate the case and the latest results have shown that malicious actors have managed to gain unauthorized access to customer-generated telecom information identified as CPNI. The data that has leaked includes phone numbers, call logs, and the number of lines on an account.
T-Mobile came up with an official notification on the data breach that gives more details on the incident. As stated in the notification, the CPNI that was accessed, aside from phone numbers and number of lines subscribed to on your own account, may have contained also some information about your calls that is typically collected as part of the normal operations of the wireless service.
As serious as the incident may seem, the data breach has not exposed the identities, physical locations, email addresses, financial records, credit card details, Social Security numbers, tax IDs, passwords, or PINs of the customers. According to T-Mobile’s statement, the data breach has impacted less than 0.2% of the customers.
The mobile service provider currently has about 100 million customers, out of which only about 200,000 people have been affected by this data incident.
In relation to the incident, currently, T-Mobile is informing the affected customers of the unauthorized access of their data by sending them notifications.
The users who already have received a text warning on this data breach should be on alert for suspicious future texts pretending to be sent from T-Mobile which ask for personal details or contain links to non-T-Mobile pages.
The usage of compromised information for more focused phishing and smishing attacks to steal personal information such as user names or passwords is not usual for threat actors.
This last data incident is not the only incident that the mobile giant has suffered. Earlier in March 2020, T-Mobile had leakage of customer and financial data. The company has been a target for cybercriminals back in 2019 and 2018 where there were attacks on customers’ information.