The year 2020 was disastrous for the world as a whole, but it was twice as troublesome for the famous mobile telecommunications firm T-Mobile. The organization allegedly suffered two data breaches within one year. They have begun to alert affected customers because of the latest attack.
According to T-Mobile, this attack affected less than 0.2% of its over 100 million customers, a small percentage of its customer base, were hit by the violation. However, there are already some 200,000 impacted customers, which is certainly a huge number. Thousands of T-Mobile customers are affected negatively by this attack and could be vulnerable to social engineering or phishing attacks.
“Customer proprietary network information (CPNI) as defined by the Federal Communications Commission (FCC) rules was accessed. The CPNI accessed may have included the phone number, number of lines subscribed to on your account, in some cases, call-related information,” stated T-Mobile.
The incident took place in November and was only found in December after regular security tests.
The CPNI may include all location information, including tower IDs, and granular information from some devices. This year, it’s pretty rough for the telephone business after it was targeted by a cyberattack earlier this year.
The company has engaged cybersecurity forensics experts to determine the existence and scope of the damage and the form of data compromised in the attack. In a security note shared by T-Mobile with its customers, the carrier claimed that:
“We also immediately reported this matter to the federal law enforcement authorities and are now in the process of notifying affected customers.”
Affected data includes,
- Phone Numbers
- Number Of Lines Linked With An Account
- Call Records Such As Call Timing, Duration, and Phone Numbers
T-Mobile breached data didn’t include,
- Financial Data
- Email Addresses
- Physical Addresses
- Social Security Numbers
- Credit Card Data
- Login Credentials Including PINs and Passwords, and Tax ID