T-Mobile: Breach exposed call information for some customers

T-Mobile says that it “recently identified and quickly shut down” a data breach that included call-related information about some accounts.

The wireless telecommunication firm said in a notice mailed to some customers in late December that the incident “may have included phone number, number of lines subscribed to on your account and, in some cases, call-related information collected as part of the normal operation of your wireless service.”

It’s the fourth data breach that the company has acknowledged within the last three years. T-Mobile, which completed a merger with Sprint in April 2020, also disclosed incidents that occurred in March 2020, November 2019 and August 2018.

The company called the intrusion “malicious, unauthorized access,” but did not release details about the suspected intruders or their methods. Personally identifiable information was not affected in this latest breach, T-Mobile said.

“The data accessed did not include names on the account, physical or email addresses, financial data, credit card information, social security numbers, tax ID, passwords, or PINs,” the company said, adding that it had contacted cybersecurity experts and federal law enforcement about the breach.

The notice was also posted on the company’s website. A spokesman told TechCrunch that the breach happened in early December and affected 0.2% of T-Mobile customers, or about 200,000 people.

The affected data is known as customer proprietary network information, and although it might not contain the names or other identifying information of customers, the Federal Communications Commission still considers it sensitive in nature.