T-Mobile has suffered another cyberattack after being rocked by a massive data breach in August. This time around, attackers accessed “a small number of” customers’ accounts.
Customers either fell victim to a SIM swapping attack (which could allow someone to bypass SMS-powered two-factor authentication), had personal plan information exposed, or both. The document shows that the customer proprietary network information that was viewed could’ve included customers’ billing account name, phone and account number, and info about their plan, including how many lines were attached to their account.
The carrier confirmed that a data breach exposed almost 50 million customers’ data, with the attacker accessing social security numbers, names, and dates of birth. (A person who claimed to be the hacker went on to call the company’s security practices “awful.”) The information reportedly exposed in December’s breach is less sensitive (and the documents say the customers who had their SIMs swapped have regained access), and is likely not as large in scope.
T-Mobile’s support account has seemingly confirmed that there was a breach, responding to people on Twitter to say that it’s taking “immediate action” to help individuals who were put at risk by the attack.
Unlike the earlier breach, which affected more than 50 million customers, this one may have impacted a much smaller number of people