Cyber Incident Victim: T-Mobile US

On or around March 3, 2020, T-Mobile US experienced a security breach involving unauthorized access to employee email accounts through a malicious attack targeting its email vendor. The company disclosed the incident publicly on March 4, confirming that attackers successfully compromised certain employee email systems containing sensitive information about both customers and employees. Exposed data included names, addresses, phone numbers, account numbers, rate plans, service features, and billing details for affected individuals. A subset of impacted users had more sensitive information exposed, including Social Security numbers, government-issued identification numbers, and financial account information. The breach affected current and former customers alike, though T-Mobile did not specify the total number of compromised accounts. The company's security team intervened to stop the attack but provided no technical details about the intrusion methods or duration of unauthorized access prior to detection.

T-Mobile initiated customer notifications via SMS messages, differentiating alerts between users whose basic account information was exposed and those whose financial or government ID data was compromised. The company advised all affected customers to change their account PINs or passcodes as a precautionary measure. This marked T-Mobile's second disclosed breach within six months, following a November 2019 incident that impacted a limited number of prepaid service subscribers. The disclosure occurred amid multiple security incidents affecting T-Mobile's then-merger partner Sprint, which had reported breaches in May and July 2019. T-Mobile declined to provide additional details about the March 2020 attack's origin, scope beyond the described data categories, or identity of the threat actors when contacted by media. No information was disclosed regarding containment procedures beyond the cessation of the email system compromise.