Heads up, T-Mobile customers: the magenta carrier has suffered a data breach.
T-Mobile is now sending text messages to customers who have been affected by a malicious attack against T-Mo. T-Mobile explains that its email vendor was the target of an attack that led to unauthorized access to certain T-Mobile employee email accounts, some of which contained T-Mo customer account info.
T-Mobile is in the process of notifying customers affected, and as noted by Reddit users who have received texts from T-Mo, it seems that there are two different support pages. One is for customers who had their names, addresses, phone and account numbers, rate plans, and billing info accessed, but not their financial details and Social Security numbers.
Meanwhile, a second page tells affected customers that their financial account info, SSNs, and government identification numbers may have been accessed in addition to their names, addresses, rate plans, and billing info.
For those customers whose financial info and SSNs were accessed, T-Mobile is offering two years of free credit monitoring and identity theft detection services from TransUnion. These people can go here and enter the 12-digit activation code provided to them by T-Mobile. Affected customers must sign up by May 31, 2020.
T-Mobile does say that even though some customers' financial info was accessed in this data breach, it has no evidence to suggest that any personal information has been used to commit fraud.
Getting back to the attack itself, T-Mo says that it "recently identified and quickly shut down" the "sophisticated attack". It then began an investigation aided by cybersecurity forensics experts. T-Mobile also reportedly the breach to federal law enforcement and is assisting in their investigation.
T-Mobile has not revealed how many customers were affected by the attack nor when it happened.