Cellular phone provider T-Mobile on Monday is confirming earlier reports of a data breach, and says the breach affected over a million of its customers.
Here’s the disclosure to affected users.
More than one million T-Mobile customers’ personal data were exposed to a malicious actor, but no financial or password data.
The data exposed appears to have been:
Name
Billing address
Phone number
Account number
Rate, plan and calling features (such as paying for international calls)The latter data is considered “customer proprietary network information” and under telecoms regulations they are required to notify customers if it is leaked. The implication seems to be that they might not have done so otherwise. Of course some hacks, even hacks of historic magnitude, go undisclosed sometimes for years.
In this case, however, it seems that T-Mobile has disclosed the hack in a fairly prompt manner, though it provided very few details. When I asked, a T-Mobile representative indicated that “less than 1.5 percent” of customers were affected, which of the company’s approximately 75 million users adds up to somewhat over a million.
Previously on Boing Boing:
T-Mobile says recent ‘criminal hack’ got personal data of some prepaid wireless customers