T-Mobile says a hack on its US servers on August 20 may have resulted in the leak of up to two million customer IDs, including names, zip codes, phone numbers and account number.
No financial data nor social security numbers were revealed and no passwords compromised, the company said, adding that it shut down the intrusion within hours of it being detected. Customers are being contacted by text message.
Those seeking help on the verified T-Mobile Help Twitter account may be out of luck: it has not been updated since April.
A company spokesman told Vice’s Lorenzo Franceschi-Bicchierai that the breach affected “about” or “slightly less than” three percent of its 77 million customers.
T-Mobile Hack: Servers Accessed Via API
The spokesperson added that the “incident” in the US happened “early in the morning on Aug. 20,” when hackers that are part of “an international group” accessed company servers through an API that “didn’t contain any financial data or other very sensitive data.”
According to the spokesperson, on the same day of the intrusion, the cybersecurity team detected it. “We found it quickly and shut it down very fast,” the spokesperson said.
See also: Fresh Embarrassment for Dixons Carphone Warehouse after HTTP Howler
“We take the security of your information very seriously and have a number of safeguards in place to protect your personal information from unauthorized access. We truly regret that this incident occurred and are so sorry for any inconvenience this has caused you,” T-Mobile said in a statement published online.
“Unauthorised Capture”
The company added: “On August 20, our cyber-security team discovered and shut down an unauthorized capture of some information, including yours, and promptly reported it to authorities. No financial data (including credit card information) or social security numbers were involved, and no passwords were compromised. However, some personal information may have been exposed, which may have included one or more of the following: name, billing zip code, phone number, email address, account number and account type (prepaid or postpaid”.
The breach is just the latest in an almost weekly stream of stories about customer data being accessed by hackers; Ticketmaster and Carphone Warehouse being two of the more high profile recent attacks.