T-Mobile, the US telecoms firm, has apparently been targeted by another cyberattack after being hit by a large data leak in August.
The damage appears to be far less severe this time around, according to documents posted by The T-Mo Report. Only a small subset of customers appear to be affected.
The documents simply state that some information was released, according to the report, but there is no further information regarding what transpired.
Customers that have been impacted fall into one of three categories. First, a customer may have merely been impacted by a breach of Confidential Proprietary Network Information (CPNI). The billing account name, phone numbers, number of lines on the account, account numbers, and rate plan info are some of the information.
As per the report, “That’s not great, but it’s much less of an impact than the breach back in August had, which leaked customer social security numbers,”
The second type of customers who have been affected is those who have had their SIMs swapped. In order to get control of a phone number, a malicious actor will change the physical SIM card connected with the number.
This can, and frequently does, result in the victim’s other online accounts being accessed with two-factor authentication codes sent to their phone number.
Customers who were affected by the SIM swap had their actions reversed, according to the document.
The third and final category is just a combination of the other two. Customers with affected SIM cards may have had their private CPNI viewed as well as their SIM card swapped.