T-Mobile has been hit by another data breach.
T-Mobile is now in the process of alerting customers to a malicious attack in which some customer information may have been access. On a webpage dedicated to the attack, T-Mo explains that a “sophisticated attack” was made against its email vendor that led to unauthorized access to certain T-Mobile employee email accounts, some of which contained account info for T-Mobile customers and employees.
The info accessed during this attack may have included customer names and addresses, phone numbers, account numbers, rate plans and features, and billing information. T-Mo says that financial information, including credit card numbers, as well as Social Security numbers were not affected.
The info accessed during this attack may have included customer names and addresses, phone numbers, account numbers, rate plans and features, and billing information. It appears that some customers are being told that their financial info was not accessed while others may have had their financial account info and Social Security numbers accessed.
For those customers whose financial info was accessed, T-Mobile is offering two years of free credit monitoring and identity theft detection services from TransUnion. Customers must sign up by May 31, 2020.
T-Mobile says that it’s not aware of any evidence to suggest that information accessed was used to commit fraud.
After the attack was identified and shut down, T-Mobile began investigating the issue with the help of “leading cybersecurity forensics experts”. T-Mo also reported the incident to federal law enforcement and is cooperating with their investigation.
T-Mobile is in the process of notifying customers whose accounts may have been affected by the attack. If you haven’t yet received a text but want to find out if your account was affected, you can contact customer support by dialing 611 from your T-Mobile phone or 1-800-937-8997 from any phone. You can also call these numbers to update the PIN on your account.
Data breaches like this one are always serious, and it’s frustrating that this latest breach has occured just a few months after some customers had their account info accessed by a malicious party. This breach is especially worrying for those folks who had their financial and SSN info accessed, even if there’s been no evidence that that info was used for fraud.
I’ve reached out to T-Mobile for more information on the data breach, like how many customers were affected, and will update this post if I hear back.
Have you received a text from T-Mobile about this attack?