2019 is not shaping up as a great year for Sprint when it comes to its customer data: after a data breach that compromized Boost Mobile customers information earlier, now, Sprint has admitted that hackers had gained access to customer information
such as names, billing, device details, and more via a Samsung web page. The exact number of breached account is not yet known and Sprint says that credit card data and social security information were encrypted and not compromised.
"Information such as customers' account Personal Identification Numbers (PINs) may have been compromised, however credit card and social security numbers are encrypted and were not compromised,"Sprint said in a statement for CNET
Sprint told customers in a letter that the breach occurred on June 22nd and specified that the hack revealed customers' first and last name, billing address, phone number, subscriber ID, account number, device type, device ID, monthly charges, account creation date, upgrade eligibility and any add-on services. While this is a lot of information, Sprint claims this is not enough information that would pose a substantial risk for fraud or identity theft, but some people would disagree with such an assessment. The hack happened via the Samsung "add a line" website.
Samsung also came up with a statement saying the following: "We recently detected fraudulent attempts to access Sprint user account information via Samsung.com, using Sprint login credentials that were not obtained from Samsung. We deployed measures to prevent further attempts of this kind on Samsung.com and no Samsung user account information was accessed as part of these attempts."