The information exposed did not include any financial information, social security numbers or password data. The cyber thief got users’ names, billing addresses, phone numbers, account numbers and plan information.
Data about rates and features are considered customer proprietary network information (CPNI). Under FCC rules, telecommunication firms are required to promptly notify users when there is a breach.
In a disclosure to affected customers, T-mobile said there was a data breach affecting prepaid data customers.
“Our cybersecurity team discovered and shut down malicious, unauthorized access to some information related to your T-Mobile prepaid wireless account. We promptly reported this to authorities. None of your financial data (including credit card information) or social security numbers were involved, and no passwords were compromised,” said the disclosure.
A T-Mobile representative told reporters that the incident affected “less than 1.5 percent” of its roughly 75 million users.
The representative also stated that the attack was discovered in early November and shut down “immediately.” The company did not reveal details about the database, length of exposure time or how it was fixed, reporters said.
In August 2018, T-Mobile told customers in a blog post that a cyber-attack exposed the personal information of about 3 percent of its users. Just as in this latest breach, last year’s hackers didn’t steal financial information, social security numbers or passwords.
According to recent research from Kaspersky Lab, the average cost of a data breach is on the rise worldwide. The company found that in 2018, breaches cost a company $1.23 million on average for enterprises. That is 24 percent higher than in 2017.
In addition, North America is the most expensive location for an SMB to suffer a data breach compared to all seven regions in the study. SMBs in the U.S. and Canada have the highest recovery cost, at $149,000 on average.