- Sep 20, 2021
In a statement on August 23, the telecommunication giant T-Mobile reported a security incident may have briefly exposed the personal information of approximately two million customers to a cyber attacker. The staff had noticed an unauthorized entry into T-Mobile’s network on August 20. It is highly probable that data including customer names, billing ZIP codes, phone numbers, email addresses, account numbers, and account types have been breached even though the intrusion was shut down as fast as possible.
The cyber-security team of the company discovered and rapidly shut down the unauthorized access, with the company assuring its customers that, “none of your financial data (including credit card information) or social security numbers were involved, and no passwords were compromised.” A spokesperson from the company stated to Motherboard that the cybersecurity breach incident occurred post-compromisation of company servers through an API and affected only 3 percent (about 2-2.5 million) customers out of its 77 million customers. The spokesperson did not divulge further into technical details of the T-Mobile hack.
The company has indicated that the cyber attackers were “international”, other than which they have given no further identification. The company ascertains that all affected customers of T-Mobile hack have been notified or will be notified soon enough.
We take the security of your information very seriously and have a number of safeguards in place to protect your personal information from unauthorized access…We truly regret that this incident occurred and are so sorry for any inconvenience this has caused you. – The company has apologized to the public
That being said, one must take note of an incident that took place in May where a bug was uncovered in T-Mobile’s website which allowed anyone to access the personal data of customers using only a phone number, the customer information including their full name, physical address, billing account numbers, and account records. This makes T-Mobile’s cybersecurity practices come under suspicion and criticism.