This week, T-Mobile told a number of prepaid customers that their personal information might have been compromised by a hacker attack.
Recently, the company found unauthorized access to certain prepaid mobile accounts. These accounts may keep names, billing addresses, telephone numbers, account numbers, and information about mobile plans and features of customers (e.g. whether they are using an international telephone calling feature).
This last piece of information is customer-owned network information (CPNI) in compliance with US law. The Federal Communications Commission (FCC) is therefore required to notify the individuals affected. The telecommunications company has reported the incident to authorities.
T-Mobile claims that the incident was not concerning any financial information, social security numbers, or passwords (such as payment card data).
Impacted customers were informed via SMS and urged them to verify or change their PIN for additional protection in their T-Mobile account.
No data on the attack itself has been released and it is not known how many consumers have been affected. Since T-Mobile does, however, have millions of prepaid customers, even a small percentage of victims could be significant.
The incident was disclosed roughly one year after T-Mobile announced that it had suffered a data breach that impacted over two million customers. This assault also resulted in hackers obtaining personal information.