The most worrying revelation is by far the total number of customers reportedly affected by the breach, closely followed by the period of time during which hackers went unnoticed while accessing and stealing people’s data.
Naturally, the Federal Communications Commission is now on the case, opening an investigation into what’s (rightfully) being described as “the latest in a string of data breaches at the company.” Our original story follows below.
T-Mobile has sure had its fair share of data breaches in recent years, making headlines for all the wrong reasons a lot more frequently than Verizon and AT&T, but to its credit, the “Un-carrier” appears to be handling the latest such situation admirably and unusually well.
It’s certainly nice to get clear information directly from your mobile network operator ahead of anyone else in these cases, and it’s especially nice when said information includes a lot of good news… considering.
While the number of “impacted customers” T-Mo is “currently in the process of informing” about this breach remains unknown, by far the best news delivered today is that “no passwords, payment card information, social security numbers, government ID numbers, or other financial account information” appears to have been compromised… this time around.
On the not so bright side of things, “some basic customer information” was breached, and as hard as Magenta might try to minimize the importance of keeping stuff like names, billing addresses, emails, phone numbers, birthdates, account numbers, the number of lines on an account, and service plan features private, it’s totally not cool to know that someone gained access to all of that without your approval.
There’s obviously no need to change any passwords or take any special security measures if you’re notified of a breach on your account, at least if T-Mobile doesn’t discover anything new and radically different in the near future.
For the time being, the nation’s second-largest wireless service provider seems pretty confident that the “issue” was permanently “shut down” and all of the danger removed “within 24 hours” of initially identifying the breach, caused by a single API (Application Programming Interface) deployed by an unnamed “bad actor.”