T-Mobile has announced a data breach that reveals customers’ proprietary network information (CPNI), including telephone numbers and call records.
As of yesterday, T-Mobile began sending an SMS to customers that a “security incident” revealed the account information.
According to T-Mobile, the security team recently discovered “malicious, unauthorized access” to their systems. After hiring a cybersecurity company to conduct an investigation, T-Mobile found that threat players gained access to telecommunications information generated by customers, known as CPNI.
The information exposed to this breach includes phone numbers, call records and the number of lines in an account.
“Customer Proprietary Network Information (CPNI) as defined by Federal Communications Commission (FCC) rules was opened. CPNI access may have included phone number, number of lines subscribed to your account, and in some cases call-related information collected as part of the regular the operation of your wireless service, T-Mobile said in a notice of data breach.
T-Mobile states that the breach of the data did not disclose the account holder̵
In a statement to BleepingComputer, T-Mobile stated that this breach affected a “small number of customers (less than 0.2%).” T-Mobile has approximately 100 million customers, which is equivalent to around 200,000 people affected by this breach.
“We are currently alerting a small number of customers (less than 0.2%) that any information related to their account may have been illegally accessed. The data you accessed did NOT contain any names associated with the account, financial data, credit card information, social security numbers, passwords, PINs or physical addresses or e-mail addresses The information you have access to may have included telephone numbers, the number of lines subscribed to and in a small number of cases some call-related information collected as part of normal operation and service , “T-Mobile told BleepingComputer.
Those who received the text message about this breach should be on the lookout for suspicious texts that claim to be from T-Mobile and request information or contain links to non-T-Mobile websites.
It is not uncommon for threat actors to use stolen information for additional targeted phishing / smishing campaigns that attempt to steal sensitive information such as login names and passwords.
T-Mobile previously suffered from breaches in 2018 that exposed customer information, 2019 for prepaid customers, and in March 2020 that exposed customer and financial data.
30/30/20 update: Added statement from T-Mobile