After an incident that affected 836 customers, T-Mobile disclosed its second breach of 2023. The attack began on Feb. 24 and ended on March 30, and it allowed the attackers access to customers' personal information.
This breach is less severe compared with those the company has experienced in the past, where millions of people were affected; however, the amount of information that was revealed in this breach is still extensive, potentially exposing T-Mobile's customers to identity theft and phishing attacks.
The information that the attackers could have received varied for each customer but did not include call records or financial information in personal accounts. Instead, it's possible that the attackers now have access to personally identifiable information (PII) such as "names, contact information, account number and associated phone numbers, T-Mobile account PIN, social security number, government ID, date of birth, balance due, internal codes that T-Mobile uses to service customer accounts, and the number of lines," the company wrote in a letter sent to the affected customers.
T-Mobile has since reset account PINs and credit for two years' worth of credit monitoring and identity theft detection services.