T-Mobile experienced a breach of its data affecting almost 3 million customers. The breach occurred Monday morning August 20th, 2018. T-Mobile discovered and stopped the breach and placed a message on its website discussing the nature of the event. T-Mobile’s cybersecurity department reported the hacking to the authorities, but not before some clients’ passwords were compromised.

This is not the first time that T-Mobile has dealt with a significant loss of customer information; they were also particularly harmed by the Experian hack in 2015. That breach compromised customers’ social security numbers and information from identification cards, like passport and driver’s licenses.

T-Mobile-logo- black-background-magenta
T-Mobile Logo

The August 20 breach stemmed from a hack by an unknown group using an exploit of an internal API (application programming interface) on T-Mobile’s servers. The company does not know how long the breach lasted, but an initial assessment made it clear that the following information was accessed: name, billing address, zip code, phone number, email address, account number, and account type (prepaid or postpaid).

The company initially claimed that no credit card information, social security numbers, or any other important financial data was acquired. However, they later updated the information to state that some encrypted passwords were captured in the hack and advised clients to change their passwords.

T-Mobile stated that around 3 million T-Mobile users were affected and that they would send it out specific messages to each of those whose information was captured by the hackers. T-Mobile states that it will text messages to each of the affected customers, but many have criticized T-Mobile’s initial outreach stating that the message itself looks like a phishing attempt.  

Customers cannot do much for server attacks like this regardless of what types of personal security precautions they have put into place. The onus in these situations falls upon the companies to protect their servers and clients confidential information. The extent of damage to the three percent of T-Mobile users affected is yet to be fully understood.