On August 20, our cybersecurity team discovered and shut down an unauthorized access to certain information, including yours, and we promptly reported it to authorities. None of your financial data (including credit card information) or Social Security numbers were involved, and no passwords were compromised. However, you should know that some of your personal information may have been exposed, which may have included one or more of the following: name, billing zip code, phone number, email address, account number and account type (prepaid or postpaid).
Following this, as Kaspersky Lab’s Threatpost reports, T-Mobile sent out text messages to the 2.3 million customers that are most at risk of being affected by the breach. The T-Mobile data breach itself, as the company reported to Kaspersky Lab, was a result of an attack on what was called a “leaky API” on an undisclosed part of its website. T-Mobile states that the breach was quickly discovered and shut down by their security team. The company went as far to say in their statement that the breach was “a one-off that was dealt with extremely fast” and that “it’s not an ongoing issue” with “no additional threat.”
While I am glad that T-Mobile is confident that their security response was swift and thorough, I wouldn’t advise potentially affected customers to let their collective guards down just yet. Continuing to monitor accounts that could be affected by the breach would be the most intelligent decisions. Even though T-Mobile said that it flagged every affected account and will continue to monitor them for suspicious activity, it is difficult to believe that all 2.3 million accounts can be monitored effectively at all times.
You are your own best defense against extensive damage caused by this breach.
Featured image: Shutterstock