Image: T-Mobile, ZDNet
US telecommunications giant T-Mobile disclosed yesterday a security breach that impacted both its employees and customers alike.
In a data breach notification message posted on its website, the company said that its security team has recently stopped “a malicious attack” against its email vendor.
The attack was successful, T-Mobile said, and the hacker (or hackers) gained access to “certain T-Mobile employee email accounts, some of which contained account information for T-Mobile customers and employees.”
The company said it believes the hacker might have used this access to steal data on T-Mobile employees and some of its customers.
“Information accessed illegally may have included names and addresses, phone numbers, account numbers, rate plans and features, and billing information,” T-Mobile said.
Payment card data and Social Security numbers were not exposed in the incident.
T-Mobile did not say how many users were impacted but recommended that customers change the personal identification number (PIN/passcode) on their T-Mobile accounts.
The US telco is currently sending out SMS notifications to all impacted users.
Image via u/bahamapapa817 on Reddit
Current and past customers were impacted alike.
This is the second security breach T-Mobile discloses in the past six months. It disclosed a similar security breach in November 2019. At the time, T-Mobile said the incident only impacted a small number of customers of its prepaid service.
Sprint also disclosed two security breaches last year, one in May and a second in July.
T-Mobile did not return a request for comment seeking additional details about the incident.
