T-Mobile today confirmed that the telecom giant suffered a security breach on its US servers on August 20 that may have resulted in the leak of “some” personal information of up to 2 million T-Mobile customers.
The leaked information includes customers’ name, billing zip code, phone number, email address, account number, and account type (prepaid or postpaid).
However, the good news is that no financial information like credit card numbers, social security numbers, or passwords, were compromised in the security breach.
According to a brief blog post published by the company detailing the incident, its cybersecurity team detected and shut down an “unauthorized capture of some information” on Monday, August 20.
Although the company has not revealed how the hackers managed to hack into its servers neither it disclosed the exact number of customers affected by the data breach, a T-Mobile spokesperson told Motherboard that less than 3 percent of its 77 million customers were affected.
The spokesperson also said that unknown hackers part of “an international group” managed to access T-Mobile servers through an API that “didn’t contain any financial data or other very sensitive data,” adding “We found it quickly and shut it down very fast.”
T-Mobile said the company informed law enforcement about the security breach and is reaching out to its affected customers directly via SMS message, letter in the mail, or a phone call to notify them as well.
The U.S. telecom giant is also encouraging affected customers to contact its customer service through 611 for any information regarding the breach.
The T-Mobile incident marks the latest high-profile data breach and adds itself to the list of that other recent high profile attacks took place against Carphone Warehouse that affected its 10 million customers, and Ticketmaster that affected tens of thousands of its customers.