T-Mobile has been the target of an attack by hackers, and that attack may have resulted in the theft of personal details on about 2 million of its customers. T-Mobile is contacting anyone affected by the hack by text message.
According to an announcement on T-Mobile’s website, the hack was discovered on August 20 and swiftly shut down. Describing the hack as “unauthorized access,” T-Mobile was quick to clarify that no financial details were exposed in the hack, and neither were details about Social Security numbers. However, details of a personal nature, such as addresses, names, and account numbers, may have been compromised.
Despite the fact that T-Mobile says that passwords weren’t compromised in the hack, a report from Motherboard quotes a T-Mobile spokesperson as saying that “encrypted passwords” were stolen in the breach. When asked why the company didn’t disclose that, T-Mobile noted that the passwords “weren’t compromised” because they were encrypted. We’ve reached out for T-Mobile for clarification and will update this article when we hear back.
In a comment to Motherboard, a T-Mobile spokesperson confirmed the attack and said that “an international group” of hackers was the suspected culprit. According to the statement, T-Mobile’s security team was able to shut it down on the same day it was discovered. While specifics were not provided, the spokesperson did let slip that the breach had affected less than 3 percent of T-Mobile’s 77 million customers — around 2 million users.
T-Mobile is reaching out to affected users by text message. If you’re a T-Mobile customer and have not received a text message, then it’s probably safe to assume you haven’t been affected. However, T-Mobile is encouraging customers to reach out to it if they’re worried about the hack. Customers can do so by dialing 611 from their T-Mobile phone to contact customer service.
Personal data breaches have almost become a fact of life in our connected, Internet of Things world. U.K. retailer Carphone Warehouse recently revealed customer details had been compromised after an attack on its servers, while the Facebook-Cambridge Analytica data leak has now become the stuff of legend — a legend that will likely haunt Facebook for some time, despite privacy changes.
If you’re worried about this and other data leaks, you can check whether your email account has previously been compromised on certain websites, and while you can’t do much to influence corporate data security, you can take steps to make sure your own channels are safe by securing your phone or your personal computer against data-seeking malware and viruses.
Updated on August 24: It’s unclear if passwords were stolen in the data breach. We reached out for clarification.