U.S. wireless carrier T-Mobile has revealed that 2 million of its customers, including some with metroPCS, were victims of a data breach that exposed names, billing zip codes, phone numbers, email addresses, and even their account type.
Note: e-End provides secure data destruction of hard drives and electronic media to help prevent a data breach of old IT equipment. See how here.
No financial information, Social Security numbers or passwords were exposed in the breach, the company said. All affected customers have been notified.
Notably, the breach occurred on Aug. 20, and the carrier announced the incident less than a week later, showing quick transparency. Data breach reporting timelines have been a crucial element of regulations regarding regulation of personally identifiable information — including Europe’s General Data Protection Regulation, which gives organizations just 72 hours to report to the relevant regulator.
Affected customers with questions can contact T-Mobile about the breach by dialing 611 on their mobile phone. The company has also noted that it is wise to change passwords regularly, even though none were believed to have been exposed in the hack.
With 75 million customers, the breach affected less than 5 percent of T-Mobile’s subscriber base.
Citing a spokesperson at the carrier, Threatpost reported that the breach occurred after hackers took advantage of a faulty API on an undisclosed part of its website. The attacks originated from IP addresses outside of the U.S.