T-Mobile US Data Breach Hits Million Prepay Customers

T‑Mobile USA disclosed on Friday that account details for prepaid customers had been subjected to “malicious, unauthorized access”. They reassured customers that whilst some information had been stolen, their banking details had not been breached.

None of your financial data (including credit card information) or social security numbers was involved, and no passwords were compromised.

The data accessed was information associated with your prepaid service account, including name and billing address (if you provided one when you established your account), phone number, account number, rate plan and features, such as whether you added an international calling feature.

The telco said their cybersecurity team had “quickly corrected” the incident. From their choice of words it appears as though T‑Mobile were prompt in notifying customers about the data breach, though they have said nothing about how it occurred.

TechCrunch reported that the details of more than a million customers had been exposed by the hackers. This was inferred by TechCrunch when a T‑Mobile spokesperson said less than 1.5 percent of customers had been affected. T‑Mobile USA has around 75mn customers at present.

Customers were encouraged to update their personal identification numbers. With so much attention being directed towards the threat of SIM swaps, T‑Mobile will be conscious that the compromised information could help criminals to take over accounts. It is hence prudent for customers to refresh the codes they use to obtain access.

Eric Priezkalns
Eric Priezkalns
Eric is the Editor of Commsrisk. Look here for more about the history of Commsrisk and the role played by Eric.

Eric is also the Chief Executive of the Risk & Assurance Group (RAG), a global association of professionals working in risk management and business assurance for communications providers.

Previously Eric was Director of Risk Management for Qatar Telecom and he has worked with Cable & Wireless, T‑Mobile, Sky, Worldcom and other telcos. He was lead author of Revenue Assurance: Expert Opinions for Communications Providers, published by CRC Press. He is a qualified chartered accountant, with degrees in information systems, and in mathematics and philosophy.