T-Mobile announced yesterday news of a security breach that affects both customers and employees. According to the statement made by T-Mobile, an attacker targeted their email vendor which allowed for unauthorized access to “certain T-Mobile employee mail accounts.” The compromised employee accounts contained account information for T-Mobile customers and employees. The accessed information may have contained names, addresses, phone numbers, account numbers, rate plans and features, and billing information. T-Mobile pointed out that payment card data and Social Security numbers were not part of the exposed information. The company is in the process of sending notifications to all of the impacted customers but have not said how many people that is. T-Mobile is urging all customers to change their PIN or passcode for their account as a precaution whether a notice is received or not.
Analyst Notes
In cases such as these, it is best to err on the side of caution and change account passwords not only for the impacted account but also for any other accounts which may have similar passwords. It is never advisable to use similar passwords across multiple accounts. A password manager should be utilized to generate and maintain unique passwords for each account. It is also important to note that any time that contact information is breached, the possibility of the victims becoming targets for phishing emails or scam phone calls increases as well.
More information on this breach can be found at:
https://www.zdnet.com/article/t-mobile-says-hacker-gained-access-to-employee-email-accounts-user-data/
The breach notification from T-Mobile can be found at: https://www.t-mobile.com/responsibility/consumer-info/cpni-notice
