T-Mobile has begun informing its wireless customers that a recently detected data breach may have resulted in the compromise of their personally identifiable information.
Notices posted on T-Mobile’s website says the telecommunications company recently became aware of a “sophisticated attack” that could have potentially exposed customer records.
“Our Cybersecurity team recently identified and shut down a malicious attack against our email vendor that led to unauthorized access to certain T-Mobile employee email accounts, some of which contained account information for T-Mobile customers and employees,” reads the notices.
Information potentially compromised as a result of the breach could include customer names and addresses, as well as account details such as rate plans and features, according to the telecom company. Social Security numbers, financial account information and government identification numbers may have also been accessed in some instances, the company said.
T-Mobile said it has no evidence any data improperly accessed was used to commit fraud or otherwise misused, but that it is offering free credit monitoring and identity theft detection services to customers whose information may have been exposed.
“We regret that this incident occurred,” T-Mobile said in the notices disclosing the data breach, which are undated but first noticed by reporters on Wednesday this week. “We take the security of customer information very seriously and while we have a number of safeguards in place to protect customer information from unauthorized access, we are also always working to further enhance security so we can stay ahead of this type of activity.”
T-Mobile also said it has begun investigating the matter with help from leading cybersecurity experts and has reported the breach to federal law enforcement.
The FBI declined to comment, and T-Mobile did not immediately return a message seeking additional details about the security breach.
The incident marks the second time in six months T-Mobile has disclosed a security breach. The company previously announced in November that a small number of customers of its prepaid service were affected by an incident that similarly exposed names, contact information and account details but no financial information or Social Security numbers.
• Andrew Blake can be reached at ablake@washingtontimes.com.
Please read our comment policy before commenting.