T-Mobile confirmed a data breach which impacted its customers. Last week, the mobile service provider said in a statement:
"On August 20, our cyber-security team discovered and shut down an unauthorized access to certain information, including yours, and we promptly reported it to authorities. None of your financial data (including credit card information) or social security numbers were involved, and no passwords were compromised. However, you should know that some of your personal information may have been exposed, which may have included one or more of the following: name, billing zip code, phone number, email address, account number and account type (prepaid or postpaid)."
Affected customers are being notified. The statement did not disclose the number of affected customers, exactly how criminals breached its systems, nor the specific actions T-Mobile is taking to prevent this type of breach from happening again. The lack of detail is discouraging and does not promote trust.
"... the breach affected about 3 percent of T-Mobile's 77 million customers, or 2 million people... In May, researchers detected a bug in the company's website that allowed anyone to access the personal data of customers with just a phone number. The company is waiting for regulatory approval of a proposed $26.5 billion takeover of Sprint, the fourth-largest carrier in the United States."
So, criminals have stolen enough information to do damage: send spam via e-mail or text, and conduct pretexting (e.g., impersonate others to take over online accounts by resetting passwords, and/or gain access to payment data).
If you received a breach notice from T-Mobile, how satisfied are you with the company's response?