US telecom T-Mobile has confirmed it suffered a data breach, but maintains that no financial or password data was accessed.
T-Mobile has revealed that a hacker infiltrated its system and obtained the personal data of more than a million of its customers in the US. Though the company maintains that no financial or password data was revealed, exposed data included names, billing addresses, phone numbers, account numbers and the rate plans and purchased features of some of the company’s prepaid data customers.
The company said in a disclosure notice: “Our cybersecurity team discovered and shut down malicious, unauthorized [sic] access to some information related to your T-Mobile prepaid wireless account. We promptly reported this to authorities.
“None of your financial data (including credit card information) or social security numbers was involved, and no passwords were compromised.
“We take the security of your information very seriously and have a number of safeguards in place to protect your personal information from unauthorised access. We truly regret that this incident occurred and apologise for any inconvenience this has caused you.”
Speaking to TechCrunch, the company claimed that less than 1.5pc of customers were impacted, which would represent more than a million people, adding that the breach was discovered in early November and shut down “immediately”.
Though no passwords were accessed, users were warned to proceed with caution and encouraged to regularly change their passwords and check up on account details.
US data breaches
In other US-based data breach news, 19 December has been earmarked as the day that district judge Thomas Thrash of Atlanta will hold an approval hearing for the $31m in compensation set out for victims of the 2017 Equifax data breach.
In July, the Wall Street Journal reported that the company was in talks to settle with the Federal Trade Commission over the incident for $700m. Though not all affected customers are expected to receive financial compensation – as the number of people implicated means that the claimants would get just $0.21 each – others will be entitled to free credit monitoring.
However, a number of plaintiffs in a class action against the company have filed formal objections to the settlement, according to Charlie Warzel, privacy reporter and opinion columnist for the New York Times.