T-Mobile announced that around 3% of its customer base—about 2 million users—had their data hacked by an unknown international entity.
“None of your financial data (including credit card information) or social security numbers were involved, and no passwords were compromised,” the operator said in a statement. “However, you should know that some of your personal information may have been exposed, which may have included one or more of the following: name, billing zip code, phone number, email address, account number and account type (prepaid or postpaid).”
The carrier said that it is alerting affected customers through text message. It also posted a message on its website about the hack.
“On August 20, our cyber-security team discovered and shut down an unauthorized access to certain information, including yours, and we promptly reported it to authorities,” T-Mobile said.
A detailed article in Motherboard noted T-Mobile believes the hack was conducted by “an international group” that accessed company servers through an API that “didn’t contain any financial data or other very sensitive data.”
The report noted that T-Mobile shut down the access point on the day it was accessed.
T-Mobile, of course, is not the first carrier to be hacked. Nor is this T-Mobile's first reported loss of customer data to theft. For example, AT&T in 2014 confirmed three employees of one of its vendors, which it did not name, accessed an unknown number of customers' personal information, including Social Security numbers and call records.
And T-Mobile itself in 2015 found that 15 million people who applied for T-Mobile services had their personal information stolen through vendor Experian.