T-Mobile breach exposes data on 2 million customers

Hackers have breached T-Mobile servers, exposing personal information on roughly 2 million customers, the mobile carrier has confirmed.
T Mobile Sign at building in Berlin. (Getty)

Hackers have breached T-Mobile servers, exposing personal information on roughly 2 million customers, the mobile carrier has confirmed.

Affected customers’ names, phone numbers, billing zip codes, email addresses, account numbers and account types may have been accessed, T-Mobile said. However, financial data, such as credit card or social security numbers, were not exposed.

“On August 20, our cybersecurity team discovered and shut down an unauthorized access to certain information, including yours, and we promptly reported it to authorities,” T-Mobile said in a statement.

“This was quickly discovered by our security team and shut down very fast,” a T-Mobile spokesperson told CyberScoop. “There’s no additional threat.”


Asked who was responsible for the breach, the spokesperson said “it was an international group” of hackers who accessed the company’s servers through an API. “It was a small percentage of our 77 million customers that was affected (about 3 percent),” the spokesperson said.

Mobile carriers store troves of personal data, and have been known to sell or provide that data to third parties like marketers and data vendors. Those practices came under scrutiny following a New York Times report in May showing that vendor Securus Technologies could use data from mobile carriers to pinpoint nearly any phone user in the country. The security and privacy implications of Securus’s surveillance tool came into sharp focus when the company was breached by hackers, as Vice’s Motherboard reported.

In June, T-Mobile, AT&T, Verizon, and Sprint said they would stop providing real-time location information on phone users to data brokers following pressure from Sen. Ron Wyden, D-Ore., to end those practices.

After this week’s breach, T-Mobile emphasized that it had strong security practices in place.

“We take the security of your information very seriously and have a number of safeguards in place to protect your personal information from unauthorized access,” T-Mobile’s statement says. “We truly regret that this incident occurred and are so sorry for any inconvenience this has caused you.”


Motherboard was first to report on the data breach.

Sean Lyngaas

Written by Sean Lyngaas

Sean Lyngaas is CyberScoop’s Senior Reporter covering the Department of Homeland Security and Congress. He was previously a freelance journalist in West Africa, where he covered everything from a presidential election in Ghana to military mutinies in Ivory Coast for The New York Times. Lyngaas’ reporting also has appeared in The Washington Post, The Economist and the BBC, among other outlets. His investigation of cybersecurity issues in the nuclear sector, backed by a grant from the Pulitzer Center on Crisis Reporting, won plaudits from industrial security experts. He was previously a reporter with Federal Computer Week and, before that, with Smart Grid Today. Sean earned a B.A. in public policy from Duke University and an M.A. in International Relations from The Fletcher School of Law and Diplomacy at Tufts University.

Latest Podcasts