T-Mobile data breach affects over 1 million subscribers

T-Mobile says that a “criminal hack” accessed data of some prepaid wireless customers’ accounts.

Devin Coldewey for TechCrunch:

T-Mobile has confirmed a data breach affecting more than a million of its customers, whose personal data (but no financial or password data) was exposed to a malicious actor.

The company said in its disclosure to affected users that its security team had shut down “malicious, unauthorized access” to prepaid data customers. The data exposed appears to have been:

• Name
• Billing address
• Phone number
• Account number
• Rate, plan and calling features (such as paying for international calls)

When I asked, a T-Mobile representative indicated that “less than 1.5 percent” of customers were affected, which of the company’s approximately 75 million users adds up to somewhat over a million.

MacDailyNews Take: T-Mobile told customers, “we take the security of your information very seriously,” a claim which, of course, is not supported by the fact that they just ineptly leaked the personal data of over a million people.


  1. “the fact that they just ineptly leaked” — They didn’t “leak” anything. It was stolen.

    Valid to say, “the fact that they ineptly set up inadequate security systems” and maybe “ineptly chose software known for its crappy security record”.

  2. The issue here is that this is the second large breach in several years. Obviously they do not take security seriously. They have major holes. Hack or not. It’s not the hack – it’s the detection of abnormal behavior and proper response. They are not living in zero trust space. Glad I don’t do business with them.

    1. Well, let’s hope you’re glad you don’t do business with the following wireless carriers as well: Verizon, AT&T, or Sprint. Hacking can occur in a variety of ways. A business can be the best at “detection of abnormal behavior and proper response” but one can never prepare from being hacked from within by company “insiders” or the lack of diligence by a second company with whom the original company relies upon.

      Verizon: https://mashable.com/2017/07/13/verizon-data-breach/

      AT&T: https://www.forbes.com/sites/thomasbrewster/2019/08/06/att-insiders-bribed-with-over-1-million-to-unlock-2-million-phones-and-hack-their-employer-doj-claims/#49a0eeb3ce1e

      Sprint: https://www.cnet.com/news/sprint-customer-accounts-breached-by-hackers/

Reader Feedback

This site uses Akismet to reduce spam. Learn how your comment data is processed.