T-Mobile has suffered a data breach that saw personal information of more than 2 million US customers stolen by cyber criminals, the mobile carrier confirmed.
Customers’ real names, billing address, phone number, email address, account number and account type (prepaid or postpaid) were all exposed to hackers.
However, T-Mobile claims no credit card or payment information was stolen.
The data breach was detected and successfully shut down by T-Mobile’s internal cyber security team. The company is currently reaching out to those who may have been impacted by the data breach.
T-Mobile has informed the authorities about the stolen data.
Scroll down for video
T Mobile said customers’s names, addresses, phone number, email address, account number and account type (prepaid or postpaid) were all exposed. It claims no payment or card information had been taken (file photo)
US mobile network T-Mobile informed customers yesterday about the hack.
As many as 3 per cent of T-mobile’s 77 million US customers may have been affected, a company spokesperson has confirmed.
The firm’s cyber-security team found and shut down unauthorised access to the restricted information, T-Mobile said in a statement on its website.
It reads: ‘Out of an abundance of caution, we wanted to let you know about an incident that we recently handled that may have impacted some of your personal information.
‘We take the security of your information very seriously and have a number of safeguards in place to protect your personal information from unauthorised access.
HOW TO CHECK IF YOUR DATA WAS STOLEN IN THE T-MOBILE HACK
T-Mobile gave a statement on the recent data breach via its website.
The firm revealed that anyone whose data has been stolen either has been or shortly will be notified via a text message.
Those who have yet to receive an alert are likely unaffected by the breach.
The company also revealed that no payment or financial information was exposed.
Personal data including phone numbers and addresses was accessed by hackers, however.
‘We truly regret that this incident occurred and are so sorry for any inconvenience this has caused you.’
Although the data breach may alarm customers, the most sensitive information – like credit card data, passwords and social security numbers – were contained.
T-Mobile followed industry ‘best-practice’ protocols correctly, experts say.
Andy Norton, director of threat intelligence at Lastline, an American cyber security company and breach detection platform provider based in Redwood City, California, said: ‘It looks like T-Mobile are following industry best practise of “abundance of caution” when handling personal information and possible breaches.
‘If only more organisations had a culture of being abundantly cautious with their cyber security implementations.
This comes just days after Superdrug became the latest high-street brand to be targeted by hackers holding customer data to ransom.
About 3 per cent of T-mobile’s 77 million customers could have been affected. Although the data breach may alarm customers, it has been revealed it was contained and T Mobile followed industry ‘best-practice’ protocols correctly (file photo)
According to the store, hackers contacted them on Monday evening saying they had obtained details on approximately 20,000 customers.
Superdrug said customers’ names, addresses, dates of birth, phone number and points balances may have been accessed from its databases.
No payment or card information was stolen in the data breach, it confirmed.
So far, Superdrug has seen 386 of the accounts compromised.
A spokeswoman for the company said: ‘The hacker shared a number of details with us to try and “prove” he had customer information – we were then able to verify they were Superdrug customers from their email and log-in.’
Customers who may have had their data harvested received an email and were asked to change their passwords, and to change them regularly in the future.
The email read: ‘We have contacted the Police and Action Fraud (the UK’s national fraud and cyber crime arm) and will be offering them all the information they need for their investigation as we continue to take the responsibility of safeguarding our customers’ data incredibly seriously.’
HOW CAN YOU PROTECT YOUR INFORMATION ONLINE?
Because hackers are becoming more creative, security experts are warning that consumers need to take all possible measures to protect their identities (file photo)
- Make your authentication process two-pronged whenever possible. You should choose this option on websites that offer it because when an identity-specific action is required on top of entering your password and username, it becomes significantly harder for fraudsters to access your information.
- Secure your phone. Avoiding public Wifi and installing a screen lock are simple steps that can hinder hackers. Some fraudsters have begun to immediately discount secure phones altogether. Installing anti-malware can also be beneficial.
- Subscribe to alerts. A number of institutions that provide financial services, credit card issuers included, offer customers the chance to be notified when they detect suspicious activity. Turn those notifications on to stay informed about credit card activity linked to your account.
- Be careful when issuing transactions online. Again, some institutions offer notifications to help with this, which will alert you when your card is used online. It might also be helpful to institute limits on amounts that can be spent with your card online.