T-Mobile data breach: Over 2 million customers' personal information possibly exposed

  • Potentially compromised data includes customers’ names, billing ZIP codes, phone numbers, email addresses and more.
  • T-Mobile stated no financial data or social security numbers of customers were stolen.

T-Mobile suffered a data breach that could have allowed hackers to steal the personal data of around 2 million of its customers. The potentially compromised data includes names, billing ZIP codes, phone numbers, email addresses, account numbers and account types (prepaid or postpaid) of customers. However, the good news is none of the financial data or social security numbers are stolen.

The incident was discovered on August 20, when the telecommunications giant’s cybersecurity team noticed the company’s network being accessed by an unauthorized third-party. The team was quick to take action and immediately blocked the attackers’ intrusion attempt.

Hackers used T-Mobile API to compromise server

"Our cyber-security team discovered and shut down an unauthorized access to certain information, including yours, and we promptly reported it to authorities. None of your financial data (including credit card information) or social security numbers were involved, and no passwords were compromised," said T-Mobile in a released statement.

A T-Mobile spokesperson told Motherboard that roughly 3 percent of its 77 million customers have been affected by the breach. The spokesperson added that the incident occurred after hackers gained access to T-Mobile’s Application Programming Interface (API) and later used it to compromise the company’s server.

It is not yet clear as to who is behind the intrusion or whether any data has been misused. T-mobile clarified that all the affected customers have been or will soon be notified.

"We take the security of your information very seriously and have a number of safeguards in place to protect your personal information from unauthorized access," the company said. "We truly regret that this incident occurred and are so sorry for any inconvenience this has caused you."

This is not the first time that T-Mobile has been affected by a breach. In May, security experts unearthed a bug in the company’s website that could have allowed anyone to access the personal data of customers, using only a phone number.