T‑Mobile USA disclosed on Friday that account details for prepaid customers had been subjected to “malicious, unauthorized access”. They reassured customers that whilst some information had been stolen, their banking details had not been breached.
None of your financial data (including credit card information) or social security numbers was involved, and no passwords were compromised.
The data accessed was information associated with your prepaid service account, including name and billing address (if you provided one when you established your account), phone number, account number, rate plan and features, such as whether you added an international calling feature.
The telco said their cybersecurity team had “quickly corrected” the incident. From their choice of words it appears as though T‑Mobile were prompt in notifying customers about the data breach, though they have said nothing about how it occurred.
TechCrunch reported that the details of more than a million customers had been exposed by the hackers. This was inferred by TechCrunch when a T‑Mobile spokesperson said less than 1.5 percent of customers had been affected. T‑Mobile USA has around 75mn customers at present.
Customers were encouraged to update their personal identification numbers. With so much attention being directed towards the threat of SIM swaps, T‑Mobile will be conscious that the compromised information could help criminals to take over accounts. It is hence prudent for customers to refresh the codes they use to obtain access.