T-Mobile data breach exposes highly sensitive information for some customers [Update]


Update: Tom's Guide has learned that this incident affected about 400 T-Mobile customers. The attacker or attackers seem to have penetrated T-Mobile's systems with the goal of taking over customer accounts, but the intrusion is said to be over and affected customers have been notified.

T-Mobile appears to have suffered yet another data breach, which would make it the company's third data breach in less than a year. 

This incident is more serious than the previous set of T-Mobile account compromises, disclosed in late December, because it involves "your full name, address, account number, Social Security number, customer account personal information number (PIN), account security questions and answers [and] date of birth."

That's according to a boilerplate letter being sent out to T-Mobile customers whose accounts were compromised, a copy of which was obtained by Bleeping Computer.

An unknown attacker apparently "used this information to port your line to a different carrier without your authorization," the letter, dated Feb. 9, adds. "T-Mobile identified this activity, terminated the unauthorized access and implemented measures to protect against reoccurrence."

"Ported" or "SIM-swapped" numbers are serious enough, as they can be leveraged to hijack other accounts or steal cryptocurrency. But an attacker could do a lot more than steal a phone number with the information exposed in these apparent account compromises.

In many cases, all an identity thief needs to fully steal someone else's identity is that person's full name, date of birth, Social Security number and current street address. All those are part of the compromised T-Mobile data this time around.

Data breach, or individual account takeovers?

For the moment, there's no information on how many T-Mobile customers might be affected. Nor do we know whether the compromised accounts were the result of a mass data breach (as happened last March) or instead a series of individual account takeovers such as might result from weak or reused passwords.

Tom's Guide has reached out to T-Mobile seeking answers to these questions, and we will update this story when we receive a reply.

T-Mobile customers who receive the letters pertaining to this most recent incident or series of incidents will be entitled to two years of free credit monitoring and identity-theft protection provided by TransUnion. They are also being asked to change their account PINs and their account security questions and answers. 

Tom's Guide strongly encourages affected T-Mobile customers to take up the company on its offers of assistance and to follow its advice in securing their accounts.

Worried customers can call T-Mobile by dialing 611 from their T-Mobile phones or 1-800-937-8997 from any phone.  

Paul Wagenseil

Paul Wagenseil is a senior editor at Tom's Guide focused on security and privacy. He has also been a dishwasher, fry cook, long-haul driver, code monkey and video editor. He's been rooting around in the information-security space for more than 15 years at FoxNews.com, SecurityNewsDaily, TechNewsDaily and Tom's Guide, has presented talks at the ShmooCon, DerbyCon and BSides Las Vegas hacker conferences, shown up in random TV news spots and even moderated a panel discussion at the CEDIA home-technology conference. You can follow his rants on Twitter at @snd_wagenseil.

  • sjhollandsh
    admin said:
    T-Mobile may have suffered a serious data breach, judging from a letter it recently sent to an unknown number of affected customers.

    And to make matters worse, in order to opt out of their personified ad sharing to 3rd parties as required by California, they want a copy of your ID (with a selfie to compare), verify phone number, etc. In other words they don't want you to opt out IMO. If I can log in and pay my bill, that's not good enough to opt out? Thanks
  • Dobriy Her
    Hackers playing with NSA installed backdoors.
    Happens all the time, normally they will blame it on Russian hackers.