T-Mobile hit with yet another data breach, some customers’ call records accessed

T-Mobile has announced that it suffered a security breach in early December, which may have exposed account information of some of its customers. As per the notice on the carrier’s website, the breach affected 0.2% – or roughly 200,000 customers (via BleepingComputer).

Our Cybersecurity team recently discovered and shut down malicious, unauthorized access to some information related to your T-Mobile account. We immediately started an investigation, with assistance from leading cybersecurity forensics experts, to determine what happened and what information was involved. We also immediately reported this matter to federal law enforcement and are now in the process of notifying impacted customers.

While the hackers weren’t able to access any sensitive information such as names on the account, email addresses, credit card details, social security numbers, or passwords — some T-Mobile account information may have been impacted. The hackers were successful in accessing what is known as customer proprietary network information (CPNI). The CPNI accessed by the hackers may have included details such as the phone number, number of lines subscribed to, and call-related information collected by T-Mobile as part of the normal operation.

This isn’t the first time that T-Mobile has fallen victim to a data breach. In 2018, a data breach at T-Mobile exposed the personal information of nearly 2 million customers. In November 2019, hackers accessed the names, addresses, and account numbers of some of its prepaid customers. Just months later, T-Mobile employee email accounts and some customer information were accessed by hackers in “a malicious attack” against its email vendor.