A T-Mobile system error has exposed some customers' personal and payment data to multiple other customers, as reported earlier Wednesday by Fierce Wireless.
"There was no cyberattack or breach at T-Mobile," the carrier told CNET in a statement. "This was a temporary system glitch related to a planned overnight technology update involving limited account information for fewer than 100 customers, which was quickly resolved."
Some T-Mobile users took to X (formerly Twitter) to ask T-Mobile about the glitch at the time, as reported by Fierce Wireless, with one saying they were able to see "at least three different accounts information" in their T-Mobile phone app, including "number, billing info and address."
"And ever since then like every 15 minutes it shows another random account!" they posted on X Tuesday night. Multiple other users agreed on the post that they'd seen the same thing.
"Under my account activity, it shows multiple 'payments posted' to my account with multiple different payments that is def not mine," one person said.
While this system glitch affected fewer than 100 people, it follows a massive data breach for the nation's second-largest wireless carrier impacting millions of people in January that prompted questions about T-Mobile's cybersecurity track record. During that breach, a "bad actor" took advantage of one of its application programming interfaces to gain data on "approximately 37 million current postpaid and prepaid customer accounts."
T-Mobile also reported a small data breach in May affecting just over 800 people. That data breach occurred between Feb. 24 and March 30 and was discovered March 27. During the breach, which was caused by hacking, 836 people had their names and driver's license or identification card numbers stolen, as well as possibly their account PIN, Social Security number, date of birth, balance due and phone plan, among other details. Financial account information and call records weren't breached.
Another data breach in 2021 affected 54 million customers and led to a huge $500 million class-action settlement announced in January 2022; and there were also a couple of breaches in December 2021 and November 2022.