The US branch of telecommunications giant T-Mobile disclosed a security breach today that impacted a small number of customers of its prepaid service.
The company said its cybersecurity team “discovered and shut down malicious, unauthorized access to some information related to your T-Mobile prepaid wireless account.”
Exposed data included details such as customer names, billing addresses, phone numbers, account numbers, rate plans, and plan features.
T-Mobile said hackers didn’t access any sensitive information such as passwords, financial information, or social security numbers.
The telco said it notified law enforcement of the incident, and is now reaching out to customers.
Impacted users should have received an SMS today, but if users have changed numbers or have switched to other provides and would like to find out if they’ve been impacted, they can contact and ask the company for confirmation at firstname.lastname@example.org.
T-Mobile said all impacted users should change account passwords and PIN codes. Additional details are available in a T-Mobile support page.
T-Mobile joins Sprint as the second major US telco to disclose a security breach this year. In July, Sprint said hackers accessed some customer data via the Samsung official website. Earlier this year, in May, Sprint also disclosed another breach when it said hackers used Boost phone numbers and Boost.com PIN codes to access users’ Sprint accounts.
T-Mobile did not return a request for comment seeking additional details about the incident.