T-Mobile Confirms Personal Data from 2M+ Accounts Was Breached by Foreign Hackers

T-Mobile this week confirmed in a disclosure that foreign hackers gained access to the personal data of just over two million of its domestic wireless customers, including their names, phone numbers, email addresses, account numbers, account types and zip codes.

T-Mobile, which currently counts an estimated 77 million monthly subscribers, posted the revelations in a statement on its website late Thursday. The breach allegedly took place on August 20th, but wasn’t publicly identified as a foreign hack until yesterday afternoon.

“Our cyber-security team discovered and shut down an unauthorized access to certain information, including yours, and we promptly reported it to authorities,” T-Mobile said in its statement, adding that “None of your financial data (including credit card information) or social security numbers were involved, and no passwords were compromised.”

“However,” the carrier concedes, “you should know that some of your personal information may have been exposed, which may have included one or more of the following: name, billing zip code, phone number, email address, account number and account type (prepaid or postpaid).”

It’s currently unknown where the hack originated from, though T-Mobile is specific that it was perpetrated be foreign hackers — meaning it was not executed and/or carried out by domestic actors on U.S. soil.

While details about the scope of the breach are currently vague, a Motherboard report published shortly after the news broke this week revealed that an estimated 3 percent of its 77 million monthly subscribers — around 2.3 million of them — had their data compromised in the breach.

How Do I Find out If My Data Was Compromised?

T-Mobile indicated in its statement that it’s currently in the process of texting all customers whose accounts were breached, adding that if customers don’t receive a text message by Friday morning (or shortly thereafter), then their information was not compromised in the hack.

Those still concerned even if they don’t receive a text from the carrier can call 611 for further confirmation and clarification.

While data breaches of this magnitude can oftentimes have damaging implications for the affected, they’re not uncommon among major tech and services firms — in whom millions of users confide their personal and otherwise sensitive information.

Last year, a security vulnerability allowed the discovery of as many as 14 million Verizon Wireless customers’ data being stored on an unprotected Amazon Web Services (AWS) server operated by Ra’anana, Isreal-based software company, Nice Systems.

The discovery prompted America’s largest wireless carrier to issue a statement indicating it was actively investigating how the customer data was improperly stored on the server, as part of the Big Red carrier’s “ongoing project to improve customer service.”

These hacks are really just the tip of the iceberg, though, as far as major data breaches and large corporations go. Click here to learn more about the five most impactful and damaging data breaches of 2017.