In what sadly seems to be a yearly trend for the company, T-Mobile is announcing that it has suffered another data breach. The company was able to shut down the attack, seemingly while it was in process, and it is sending notifications to customers whose data may have been affected. Unfortunately, it isn't clear what customer information may have been leaked. One notice states that financial information wasn't affected, while another claims that it was.
The attack originated through T-Mobiles email vendor, allowing malicious agents to access certain email accounts and, through them, secure further access to some account information for T-Mobile customers and company employees.
The company appears to be giving out two different notices regarding the breach, and we aren't sure why it has taken the form of two separate announcements. One claims that customer financial data wasn't divulged, while another claims that it was. Both agree on other details, that malicious agents secured access to "names and addresses, phone numbers, account numbers, rate plans and features, and billing information."
Not too many subscribers appear to have been affected, as there are very few reports from individual customers regarding the notification being received. Some are being told that T-Mobile is providing credit monitoring service in restitution for the breach.
We've reached out to T-Mobile for more information regarding the breach (including why the two separate notices disagree about customer financial information), but have yet to hear back. If we learn more, we'll let you know.