“We want to let you know about a sophisticated attack that we recently identified and quickly shut down, which may have impacted some of your account information,” T-Mobile said in a notice.
The company said there was an attack through email that let in some malicious actors.
“Our cybersecurity team recently identified and shut down a malicious attack against our email vendor that led to unauthorized access to certain T-Mobile employee email accounts, some of which contained account information for T-Mobile customers and employees,” the company said. “An investigation was immediately commenced, with assistance from leading cybersecurity forensics experts, to determine what happened and what information was affected. We immediately reported this matter to federal law enforcement and are actively cooperating in their investigation.”
The company didn’t reveal how many people were affected, but it said financial information like credit cards and Social Security numbers were not affected.
“We regret that this incident occurred,” T-Mobile said. “We take the security of your information very seriously and while we have a number of safeguards in place to protect customer information from unauthorized access, we are also always working to further enhance security so we can stay ahead of this type of activity.”
The information affected included names, phone numbers, account numbers, rate plans and features and billing info.
“We do not have any evidence that the account information contained in the affected accounts has been used to commit fraud or otherwise misused,” the company said. “It is always a good idea to review your account information and update the personal identification number (PIN/passcode) on your T-Mobile account.”
T-Mobile said it is in the process of notifying affected customers.