In a statement Friday, T-Mobile admitted that hackers have breached its systems and stole customer data, including names, addresses, account numbers, and billing zip codes. The company said that it discovered the security breach on August 20th and immediately shut it down.
According to Motherboard, a company representative said that around three percent of T-Mobile customers may have been affected, meaning around two million accounts. T-Mobile CEO John Legere said on Twitter that it’s “always a good idea to regularly change account passwords,” and T-Mobile admitted that some encrypted passwords may have been in the data stolen.
T-Mobile does get credit here for attempting to notify customers shortly after discovering the breach. According to the company’s timeline, the breach was only discovered on August 20th, and affected customers began to be notified by text message this morning. However, the text does look suspiciously like a phishing attempt, complete with a link to a shortened URL to learn more:
The full statement is below:
Out of an abundance of caution, we wanted to let you know about an incident that we recently handled that may have impacted some of your personal information.
On August 20, our cyber-security team discovered and shut down an unauthorized access to certain information, including yours, and we promptly reported it to authorities. None of your financial data (including credit card information) or social security numbers were involved, and no passwords were compromised. However, you should know that some of your personal information may have been exposed, which may have included one or more of the following: name, billing zip code, phone number, email address, account number and account type (prepaid or postpaid).
If you have questions about this incident or your account, please contact Customer Care at your convenience. If you are a T-Mobile customer, you can dial 611, use two-way messaging on MyT-Mobile.com, the T-Mobile App, or iMessage through Apple Business Chat. You can also request a call back or schedule a time for your Team of Experts to call you through both the T-Mobile App and MyT-Mobile.com. If you are a T-Mobile For Business or Metro PCS customer, just dial 611 from your mobile phone.
We take the security of your information very seriously and have a number of safeguards in place to protect your personal information from unauthorized access. We truly regret that this incident occurred and are so sorry for any inconvenience this has caused you.