T-Mobile data breach exposed CPNI information including phone numbers, call records

A data breach has been reported on T-Mobile, exposing customers’ proprietary network information (CPNI) that includes phone numbers and call records. A “security incident” exposed customers’ account’s information, T-Mobile started to text users from yesterday.

The company says, its security team spotted “malicious, unauthorized access” to their devices in recent times. T-Mobile discovered that cyber criminals gained access to the telecommunications data generated by customers, known as CPNI, after performing an analysis in a cybersecurity firm. Data exposed in this infringe includes phone numbers, call records, and the number of lines on an account.

T-Mobile stated in a data breach notification, “Customer proprietary network information (CPNI) as defined by the Federal Communications Commission (FCC) rules was accessed. The CPNI accessed may have included phone number, number of lines subscribed to on your account and, in some cases, call-related information collected as part of the normal operation of your wireless service,”.

The company mentions that that the data violation did not expose account holders’ names, email addresses, addresses, credit card details, financial data, social security numbers, tax IDs, passwords, or PINs. In a statement, T-Mobile stated that this breach affected a “small number of customers (less than 0.2%).”  It has just about 100 million users, which equates to around 200,000 people affected by this violation.

“We are currently notifying a small number of customers (less than 0.2%) that some information related to their account may have been illegally accessed. The data accessed did NOT include any names associated with the account, financial data, credit card information, social security numbers, passwords, PINs or physical or email addresses. The information that was accessed may have included phone numbers, number of lines subscribed to and in a small number of cases some call-related information collected as part of normal operation and service,” T-Mobile told in an interview.

People who received the text alert about this infringe should be careful of suspicious texts that might come from cyber crooks, claiming to be from T-Mobile asking for information or containing links to non-T-Mobile websites. It is very common for cyber hackers to use stolen data for further targeted phishing campaigns that try to steal sensitive information such as login names and passwords.