T-Mobile USA announced a security breach late last night. The company says its cyber-security team discovered and shut down unauthorized access to its customers' data on Monday, August 20.
The telco says an attacker was exfiltrating personal data such as customer names, billing ZIP codes, phone numbers, email addresses, account numbers, and account types (prepaid or postpaid).
T-Mobile said the hacker (or hackers) did not gain access to passwords, social security numbers, or any financial information.
Impacted customers will receive an SMS, letter in the mail, or a phone call to notify them. The US telco says it informed law enforcement authorities about the breach.
A T-Mobile spokesperson told Motherboard that less than 3% of its customerbase was affected. T-Mobile reported 75.62 million customers at the end of Q2 2018. That would put the breach at around 3.9 million customers, still a considerable number.
As some T-Mobile users have pointed out, even if the hackers did not get their hands on any financial data or passwords, the breach makes it easier for the attacker to port (SIM swap) numbers.
The telco company is redirecting all worried customers to its customer care service available via phone call, its official website, or Apple iMessage and Business Chat.
"We take the security of your information very seriously and have a number of safeguards in place to protect your personal information from unauthorized access. We truly regret that this incident occurred and are so sorry for any inconvenience this has caused you," T-Mobile said.