X

T-Mobile suffers another, smaller data breach

Following a large breach earlier this year, some T-Mobile customers get an unwelcome end-of-year surprise.

LoriGruninNewHeadshot.jpg
LoriGruninNewHeadshot.jpg
Lori Grunin Senior Editor / Advice
I've been reviewing hardware and software, devising testing methodology and handed out buying advice for what seems like forever; I'm currently absorbed by computers and gaming hardware, but previously spent many years concentrating on cameras. I've also volunteered with a cat rescue for over 15 years doing adoptions, designing marketing materials, managing volunteers and, of course, photographing cats.
Expertise Photography, PCs and laptops, gaming and gaming accessories
Lori Grunin
2 min read
007-t-mobile-network-mobile-carrier-logo-2021
Sarah Tew/CNET

T-Mobile  has suffered another data breach, just a few months after a huge breach in August, the carrier confirmed Wednesday. "We informed a very small number of customers that the SIM card assigned to a mobile number on their account may have been illegally reassigned or limited account information was viewed," the company said in an email.

The new breach affected a smaller group of customers than the more than 50 million people hit in August, and the latest victims received notifications from T-Mobile of "unauthorized activity" including hackers viewing customer proprietary network information, according to a Tuesday post by blog The T-Mo Report. 

"Customer proprietary network information," or CPNI, includes all the data T-Mobile has about your phone calls, which, according to the carrier, means "features of your voice calling service (e.g., international calling), usage information (like call logs — including date, time, phone numbers called, and duration of calls), and quantitative data like minutes used." CPNI doesn't contain any billing-related information, like names or addresses. 

An unapproved physical SIM swap enables someone else to take over your phone number, and if that person has your password, to potentially gain access to accounts linked to it -- such as if you use texts for multifactor authentication. (If that's happened to you, here's what to do next.) T-Mobile said it's addressed the problem. 

"Unauthorized SIM swaps are unfortunately a common industry-wide occurrence. However, this issue was quickly corrected by our team, using our in-place safeguards, and we proactively took additional protective measures," the carrier said. "Our people and processes worked as designed to protect our customers."

t-mobile-gettyimages-1165309440
Watch this: T-Mobile data breach: What you need to know