T-Mobile has announced a data breach exposing customers’ proprietary network information (CPNI), including phone numbers and call records.
Starting yesterday, T-Mobile began texting customers that a “security incident” exposed their account’s information.
According to T-Mobile, its security team recently discovered “malicious, unauthorized access” to their systems. After bringing in a cybersecurity firm to perform an investigation, T-Mobile found that threat actors gained access to the telecommunications information generated by customers, known as CPNI.
The information exposed in this breach includes phone numbers, call records, and the number of lines on an account.
“Customer proprietary network information (CPNI) as defined by the Federal Communications Commission (FCC) rules was accessed. The CPNI accessed may have included phone number, number of lines subscribed to on your account and, in some cases, call-related information collected as part of the normal operation of your wireless service,” T-Mobile stated in a data breach notification.
T-Mobile states that the data breach did not expose account holders’ names, physical addresses, email addresses, financial data, credit card information, social security numbers, tax IDs, passwords, or PINs.
In a statement to BleepingComputer, T-Mobile stated that this breach affected a “small number of customers (less than 0.2%).” T-Mobile has approximately 100 million customers, which equates to around 200,000 people affected by this breach.