T-Mobile suffered a security breach in December that may have exposed call-related information and phone numbers for some of its customers. First reported by Bleeping Computer, the information affected by the breach did not include names on customers’ accounts, physical or email addresses, financial data, credit card information, Social Security numbers, tax IDs, passwords, or PINs, the company said.
T-Mobile said in a statement emailed to The Verge that it had notified “less than 0.2 percent” of its customers— which works out to about 200,000 people— that some account information may have been illegally accessed. That information “may have included phone numbers, number of lines subscribed to and in a small number of cases some call-related information collected as part of normal operation and service.” T-Mobile says it “identified this attack in early December and quickly shut down the incident.” Affected customers were notified via text message.
In a notice on its website, T-Mobile said its security team “shut down malicious, unauthorized access,” and it began an investigation to determine what information was involved. The company reported the situation to federal law enforcement.
T-Mobile has been victim to several data breaches in recent years; in 2018, hackers accessed personal information for roughly 2 million customers that included names, addresses, and account numbers. In 2019, some of the company’s prepaid customers were affected by a breach that accessed names, addresses, and account numbers. And in March 2020, a breach exposed some T-Mobile customers’ financial information, Social Security numbers, and other account information.