- ‘T-Mobile’ has had a security incident that exposed the CPNI data of roughly 200,000 clients.
- The exposed set doesn’t include financial details, passwords, PINs, or email addresses.
- The telco will have to pay a fine for the exposure, but the FCC has been lenient with such cases in the past.
A small number of T-Mobile customers have received notifications of a data breach from their telco, informing them that hackers may have accessed their phone numbers and call records. The American network operator's IT team has discovered the threat fairly recently and then called a cybersecurity firm to help them investigate. According to the findings, someone has accessed the CPNI (Customer Proprietary Network Information), which contains limited but still sensitive data about the subscribers.
T-Mobile told BleepingComputer that less than 0.2% of its entire client-base has been affected by this, which should be around 200,000, so it’s still a report-worthy number. The telecom provider also assured that account holder names, physical addresses, email addresses, credit card data, tax IDs, account passwords, PINs, and any kind of financial data haven’t been compromised as those aren’t stored on the CPNI.
That said if you are a subscriber of T-Mobile, but you haven’t received a notification yet, it means that you are not affected by this incident. Be careful with any messages that request you to take action, like resetting your password or something like that. Crooks are always on the look to exploit opportunities such as this one, so many may receive scamming messages via SMS or email. Do not fall for it. If you are affected, expect to receive a lot of spam via SMS from now on. The best thing to do in this case is to report the numbers.
CPNI data collection is done according to the FCC requirements, and telecommunication service providers have to prepare and submit the associated annual reports that certify their compliance with certain data protection regulations. Failure to protect this data incurs fines, which is what we expect to see in the near future as a result of this incident.
This is not the first or even the second time that we report about a data breach affecting T-Mobile clients. Still, considering the fines that the telecom provider had to pay the previous times data leaked out, they shouldn't be too anxious right now. One thing that we can give to them is that the breaches they suffer are gradually getting smaller, so the safeguards put in place are working to some extent.