T-Mobile customers hit by another data breach exposing a bunch of sensitive information
Many people think there's no such thing as bad publicity, but while T-Mobile ultimately emerged victorious from a fierce legal battle with 13 state AGs and the Attorney General for the District of Columbia, it's safe to say at least some of the attention garnered by the lawsuit opposing Magenta's merger with Sprint reflected poorly on the Deutsche Telekom-owned "Un-carrier."
Any suspicion of a scamming attempt or hoax of any sort was shattered when T-Mobile users visited the link provided in the aforementioned texts to discover an official "notice of data breach" acknowledging and detailing a "sophisticated attack recently identified and quickly shot down." While that latter part might sound encouraging, it appears that Magenta's cybersecurity experts were only able to "shot down the attack" after these "sophisticated" hackers gained unauthorized access to the "account information" of an unspecified number of customers and employees.
T-Mo may however have a much bigger cause for concern already from a brand perception standpoint than possible price hikes (which have yet to materialize) and extensive layoffs (which seem to have started before the merger could even be completed), as a number of customers were stunned to receive a highly distressing text message from their wireless service provider earlier today.
Fortunately, no financial info or Social Security numbers ended up in the wrong hands here, but unfortunately, customer names and addresses, phone numbers, account numbers, rate plans and features, and billing information were all affected by the data breach, which is still pretty bad.
Although the extent of the attack is currently unknown, all recipients of the T-Mobile alert circulating on Reddit and social media in the last few hours should assume they've been targeted and may want to review their account information, as well as update their account's personal identification number.
While T-Mo has no evidence (yet) of any fraud or other misuse of the information contained in this latest data breach, you can never be too safe. By the way, there might still be victims out there who are yet to be notified of the security vulnerability due to no longer being the "Un-carrier's" customers or a lack of up-to-date contact information, so it's probably not a bad idea to change your account passcode even if you haven't received a text message.
All in all, as data breaches go, this is certainly not the worst one to have ever happened to a US mobile network operator, but at the same time, it's the second issue of this sort to affect T-Mobile customers within the last six months alone. That's bad and Magenta should definitely feel bad for not doing a better job protecting user privacy.