T-Mobile suffers another, smaller data breach
Following a large breach earlier this year, some T-Mobile customers get an unwelcome end-of-year surprise.
T-Mobile has suffered another data breach, just a few months after a huge breach in August, the carrier confirmed Wednesday. "We informed a very small number of customers that the SIM card assigned to a mobile number on their account may have been illegally reassigned or limited account information was viewed," the company said in an email.
The new breach affected a smaller group of customers than the more than 50 million people hit in August, and the latest victims received notifications from T-Mobile of "unauthorized activity" including hackers viewing customer proprietary network information, according to a Tuesday post by blog The T-Mo Report.
"Customer proprietary network information," or CPNI, includes all the data T-Mobile has about your phone calls, which, according to the carrier, means "features of your voice calling service (e.g., international calling), usage information (like call logs — including date, time, phone numbers called, and duration of calls), and quantitative data like minutes used." CPNI doesn't contain any billing-related information, like names or addresses.
An unapproved physical SIM swap enables someone else to take over your phone number, and if that person has your password, to potentially gain access to accounts linked to it -- such as if you use texts for multifactor authentication. (If that's happened to you, here's what to do next.) T-Mobile said it's addressed the problem.
"Unauthorized SIM swaps are unfortunately a common industry-wide occurrence. However, this issue was quickly corrected by our team, using our in-place safeguards, and we proactively took additional protective measures," the carrier said. "Our people and processes worked as designed to protect our customers."
