Posted on January 4, 2021 at 1:43 PM
A report reveals that hackers may have accessed the call records of some T-Mobile customers in a recent breach.
However, T-Mobile says that the hacking attack did not expose the customers’ names, email addresses, physical addresses, passwords, tax IDs, social security numbers, or credit card information.
Hackers compromised customers’ call records
The hacking incident was initially reported by Bleeping Computer before T-Mobile confirmed the incident. According to the telecommunications giant, the threat actors accessed the proprietary network information (CPNI) of its customers, including call records and phone numbers.
“Customer proprietary network information (CPNI) as defined by the Federal Communications Commission (FCC) rules was accessed,” T-Mobile stated.
The T-Mobile website says that the hackers were able to access customers’ data, including the data submitted by the customers and those made by T-Mobile.
As a result of the discovered attack, the company immediately shut down its systems to protect other systems and stop further malicious attacks.
Prepaid account data also compromised
T-Mobile revealed that it has started investigating the situation and contacted U.S. top cybersecurity forensic experts to help with the investigation.
The company said the investigation is to determine what happened to the data stolen from T-Mobile users. The company has also reported the incident to U.S. law enforcement and preparing to notify customers who may be affected.
The call record the hackers accessed include information on the time the call was made, its duration, phone number destination for each call, the caller’s phone number, and other information that could be found on the customer’s bills.
The report did not reveal when exactly T-Mobile detected the breach but stated that the company has yet to notify customers who may have been affected.
0.2% of T-Mobile customers
A spokesperson for T-Mobile reported that the breach did not affect a lot of T-Mobile customers, saying only 0.2% of the customers were affected.
However, looking at the company’s customer base, the number of customers affected could reach 200,000. The security incident is not the first time the company has faced a similar security issue.
The 2018 hack was bigger than the recent hack in terms of customers’ impact. As of then, the company said the personal information of about two million customers may have been compromised. Barely 12 months after the incident, T-Mobile announced that hackers have been able to compromise the personal records of an additional one million prepaid customers. But T-Mobile did not reveal whether the hackers for both attacks have connections.
T-Mobile has suffered more attacks in the past
Around March last year, the company confirmed a report by ZDNet that hackers infiltrated the email systems of the firm. The attack earlier this year exposed the financial information of some T-Mobile customers, as well as their social security numbers and other account information.
The attack had access to several T-Mobile employee accounts. In the same hacking attack, the threat actors allegedly compromised some of T-Mobile’s customers’ data.
T-Mobile customers and the public have voiced their disdain over the company’s security approach due to the numerous attacks the company had to face.
Despite the security challenges, the telecom giant is still doing great in the market. It recently completed a merger deal of about $26 billion with Sprint. Presently, T-Mobile is the third-largest call center carrier in the United States when it comes to market capitalization. The company has been expanding its market to other regions and is visible in several parts of the world.
The latest breach, although not as massive as previous ones, may taint the company’s image. It also serves as a reminder that hackers are always looking for loopholes to launch attacks on systems and networks.
As of the time of writing, customers have not been contacted about the latest breach. But the email will include advice on actions customers should take to prevent being victims of extortion attacks.