- The Washington Times - Monday, January 4, 2021

T-Mobile acknowledged Monday a major hack involving customers’ cellphone data.

Tens of thousands of customers had their phone call-related information taken by the hackers, who do not appear connected to the SolarWinds cyberintrusions of the federal government and major corporate networks.

In a statement to customers on its website, T-Mobile said hackers took phone call-related information and did not gain access to financial data, Social Security numbers, or physical addresses. The hackers appear to have instead opted for information revealing who customers called, when they did so, how long they talked, and related information.

“Customer proprietary network information (CPNI) as defined by the Federal Communications Commission (FCC) rules was accessed,” T-Mobile’s statement reads. “The CPNI accessed may have included phone number, number of lines subscribed to on your account and, in some cases, call-related information collected as part of the normal operation of your wireless service.”

T-Mobile’s statement said its cybersecurity team discovered the breach, began investigating what happened and contacted law enforcement. T-Mobile said Monday that it identified the hack in early December and shut down the incident.

The company said it began last week notifying victimized customers, which it estimated as “less than 0.2%” of its customers but reportedly numbered around 200,000.

The company did not provide details about who was responsible for the hack.

The hack was not the only data breach the company experienced in 2020. Last year, the company suffered a data breach affecting employees and customers where some government identification numbers, financial information, and Social Security numbers were exposed, according to ZDNet.

There is no indication that the breach at T-Mobile is connected to the SolarWinds hack. SolarWinds is a Texas-based software company whose product was exploited by hackers to gain access to the networks of its customers, which include many government agencies and large corporations. Details about the SolarWinds hack became public in December but its origins could date back several years.

Information about what the hackers took and the full picture of who was breached remain unknown, but many federal agencies are believed to have been affected including the Treasury Department, Commerce Department, Energy Department, State Department, Department of Homeland Security, National Institutes of Health, and parts of the Pentagon.

While cybersecurity experts have pointed to Russia as the likely culprit of the SolarWinds breach, President Trump has suggested China may have been involved. President-elect Joseph R. Biden said late last month that he thought the federal government needed to make an official attribution of who was responsible for the hack and that international rules are necessary for cybersecurity.

• Ryan Lovelace can be reached at rlovelace@washingtontimes.com.

Copyright © 2022 The Washington Times, LLC. Click here for reprint permission.

Please read our comment policy before commenting.

Click to Read More and View Comments

Click to Hide