On December 30, 2020, wireless network operator T-Mobile began notifying affected customers of a data security incident – the company’s second data breach in 2020. The telecom giant discovered malicious, unauthorized access to information related to customer accounts.
T-Mobile claims that the breach affected less than 0.2 percent of its 100 million subscribers, approximately 200,000 customers.
The attack reportedly took place in early December. Customer proprietary network information (CPNI) as defined by the Federal Communications Commission (FCC) rules was compromised, including:
According to T-Mobile, the most recent cybersecurity incident did not expose financial details, such as credit card information or Social Security numbers. However, compromised data may be combined with previously breached information to coordinate phishing attempts and social engineering attacks. The FCC refers to CPNI as “some of the most sensitive personal information that carriers and providers have about their customers.”
T-Mobile claims to have immediately shut down unauthorized access and reported the matter to law enforcement. The company is not providing free credit monitoring services to affected individuals.
This is T-Mobile’s fourth data breach in just three years. In addition, before merging with T-Mobile, Sprint disclosed two separate data breaches in 2019. Combined previous, recent security incidents include:
T-Mobile became the third-largest cell carrier in the United States after its $30 billion merger with Sprint in April 2020. Headquartered in Bellevue, Washington, the company has annual revenues of over $40 billion.