T-Mobile has closed a data breach that exposed phone numbers and possibly diagnostic metrics, following an earlier leak that let out email addresses and other information, according to media reports and the company.
“We are reaching out to let you know about a security incident we recently identified and quickly shut down that may have impacted some of your T-Mobile account information,” Matt Staneff, chief marketing officer of T-Mobile USA, said in a message sent to customers.
The statement continues, “The data accessed did not include names on the account, physical or email addresses, financial data, credit card information, social security numbers, tax ID, passwords, or PINs.”
The breach affected less than 0.2% of T-Mobile customers, but that could add up to 200,000 people, based on a total customer count of roughly 100 million, Bleeping Computer reports.
Despite the limited impact, Android Policecalled the breach “the cherry on top of this stupid sundae.”
It adds that “T-Mobile has made itself out to be a frequent victim as it has been affected by at least one big attack every year.”
Moreover, the incident may not be as benign as it seems.
“Although personal information like names and addresses were not accessed, call diagnostic metrics were,” Android Headlines alleges.
Staneff notes that the exposed data included “phone number, number of lines subscribed to on your account and, in some cases, call-related information collected as part of the normal operation of your wireless service.”
The hackers accessed customer proprietary network information (CPN0, as defined by the Federal Communications Commission), Staneff states.
He continues that the company worked with cyber security experts to stop the “malicious, unauthorized access to some information related to your T-mobile account,” and has notified law enforcement.
In March, T-Mobile acknowledged a data breach that exposed employee email addresses that could be used to access customer names and other information, Android Headlines adds.