T-MOBILE has provided clarification on a recent data breach filing, describing it as an insider incident with a very limited impact. According to the Maine Attorney General’s Office, the breach involved unauthorized access to limited information from a T-Mobile account, including the exposed data of full name, email address, physical address, account number and associated phone number, T-Mobile account PIN, date of birth, driver’s licence number, and SSN.
The company said personal financial account information and call records were not impacted, and the affected customer’s account PIN has been reset as a precaution. The Maine AGO notice indicated only one individual was affected, though a placeholder figure of one is sometimes used when the total number is not yet final. T-Mobile told SecurityWeek that only a single account was impacted, with no credentials compromised.
The firm has notified relevant authorities, law enforcement, and the affected customer directly, and noted T-Mobile has disclosed several past breaches, including one affecting 37 million accounts.