T-Mobile US has informed customers about a potential security breach. The telecoms company said it had discovered a fresh attack, but was able to quickly shut down unauthorized access to personal information.
T-Mobile US and its unit Metro PCS told customers that cybersecurity staff found and shut down unauthorized access to certain information on August 20 and immediately reported the matter to authorities.
The company added that no financial data, social security numbers or passwords were compromised during the attack on its networks, admitting, though, that other personal information like names, email IDs, phone numbers as well as account numbers or account types (postpaid or prepaid) may have been exposed.
T-Mobile said that about 3 percent of its 77 million customers could have been affected (roughly 2 million people potentially affected).
Who did it?
A spokesperson for the telecoms firm said the incident occurred after hackers compromised its servers through an API, an application programming interface as a set of routines, protocols and tools for building software applications.
T-Mobile did not specify whether it knew who was behind the intrusion.
"We take the security of your information very seriously and have a number of safeguards in place to protect your personal information from unauthorized access," the company told its customers.
"We truly regret that this incident occurred and are so sorry for any inconvenience this has caused you."
hg/jd (Reuters, T-Mobile)