An unauthorized individual or group gained access to computer systems used by T-Mobile that contained some sensitive customer data, the company acknowledged in an alert sent to customers last week.
The compromised data included some phone numbers and account information like call logs but did not include names, addresses, credit card information or other personal-identifying information, the company said.
“Our cybersecurity team recently discovered and shut down malicious, unauthorized access to some information related to your T-Mobile account,” the message sent to customers and posted online said. “We immediately started an investigation, with assistance from leading cybersecurity forensics experts, to determine what happened and what information was involved.”
T-Mobile said it alerted federal law enforcement officials about the breach.
The attack is the second involving T-Mobile customer data in less than a year, with an earlier phishing campaign reported against some of T-Mobile’s employees in March 2020. In that attack, hackers compromised more-serious account-related information, including customer names and addresses, the company said.
In 2019, the company said data related to its prepaid customers was also compromised by hackers.