View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Cybersecurity
August 24, 2018

T-Mobile Hack: 2 Million Affected

By CBR Staff Writer

T-Mobile says a hack on its US servers on August 20 may have resulted in the leak of up to two million customer IDs, including names, zip codes, phone numbers and account number.

No financial data nor social security numbers were revealed and no passwords compromised, the company said, adding that it shut down the intrusion within hours of it being detected. Customers are being contacted by text message.

Those seeking help on the verified T-Mobile Help Twitter account may be out of luck: it has not been updated since April.

A company spokesman told Vice’s  Lorenzo Franceschi-Bicchierai that the breach affected “about” or “slightly less than” three percent of its 77 million customers.

T-Mobile Hack: Servers Accessed Via API

The spokesperson added that the “incident” in the US happened “early in the morning on Aug. 20,” when hackers that are part of “an international group” accessed company servers through an API that “didn’t contain any financial data or other very sensitive data.”

According to the spokesperson, on the same day of the intrusion, the cybersecurity team detected it. “We found it quickly and shut it down very fast,” the spokesperson said.

See also: Fresh Embarrassment for Dixons Carphone Warehouse after HTTP Howler

“We take the security of your information very seriously and have a number of safeguards in place to protect your personal information from unauthorized access. We truly regret that this incident occurred and are so sorry for any inconvenience this has caused you,” T-Mobile said in a statement published online.

Content from our partners
Unlocking growth through hybrid cloud: 5 key takeaways
How businesses can safeguard themselves on the cyber frontline
How hackers’ tactics are evolving in an increasingly complex landscape

“Unauthorised Capture”

The company added: “On August 20, our cyber-security team discovered and shut down an unauthorized capture of some information, including yours, and promptly reported it to authorities. No financial data (including credit card information) or social security numbers were involved, and no passwords were compromised. However, some personal information may have been exposed, which may have included one or more of the following: name, billing zip code, phone number, email address, account number and account type (prepaid or postpaid”.

The breach is just the latest in an almost weekly stream of stories about customer data being accessed by hackers; Ticketmaster and Carphone Warehouse being two of the more high profile recent attacks.

See also: The Ticketmaster Hack is Worse Than First Thought

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how New Statesman Media Group may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.