T-Mobile has reported a safety incident which can have led to the publicity of non-public data belonging to roughly two million customers.
In a press release, the telecommunications big said on Thursday current “incident” might have given a cyberattacker transient entry to buyer information.
On August 20, T-Mobile workers detected an unauthorized entry into the corporate’s community. While the intrusion was quickly shut down, buyer names, billing ZIP codes, telephone numbers, e mail addresses, account numbers, and account varieties are believed to be concerned within the data breach.
“Our cyber-security team discovered and shut down an unauthorized access to certain information, including yours, and we promptly reported it to authorities,” T-Mobile says. “None of your financial data (including credit card information) or social security numbers were involved, and no passwords were compromised.”
Speaking to Motherboard, a T-Mobile spokesperson stated the cybersecurity incident affected roughly three p.c of its 77 million customers, or roughly 2 – 2.5 million customers.
According to the spokesperson, the incident occurred after hackers compromised firm servers via an API, though no additional technical particulars have been disclosed.
The firm has additionally not revealed any ideas behind who could also be behind the intrusion, past the idea that the menace actors had been “international.”
T-Mobile says that every one affected customers have, or quickly will probably be, notified.
“We take the security of your information very seriously and have a number of safeguards in place to protect your personal information from unauthorized access,” the corporate added. “We truly regret that this incident occurred and are so sorry for any inconvenience this has caused you.”
This just isn’t the primary time this 12 months that T-Mobile’s cybersecurity practices have come underneath scrutiny.
In May, researchers uncovered a bug in T-Mobile’s web site which allowed anybody to entry the private data of customers utilizing solely a telephone quantity.
The exploit existed in a subdomain utilized by firm workers members to entry inner instruments. This subdomain was simple to discover by way of serps, and as soon as a telephone quantity was tagged onto the top of the online handle, the platform would reveal buyer data — together with their full identify, bodily handle, billing account numbers, and account information.
See additionally: Mexicans served with Dark Tequila in spyware spree