T-Mobile's security team has shut down the "malicious, unauthorized access" to its customers' data and the attempt has been reported to the authorities. The data accessed by the attackers includes names, billing addresses, phone numbers, account ID, and details like cellular plan, payment rate, and the features that are included.
On the upside, no financial information or passwords were exposed, and the company did alert users who's data has been targeted in the attack. The company has notified users as mandated under telecom's regulations.
The overall scale of the attack is estimated at 1.5 percent of the company's 75 million users. The carrier's security team first noticed the attack earlier this month. However, T-Mobile hasn't said how long the attack had been going on before it was stopped. And while the data exposed isn't particularly damaging, it could be used for online identity theft and fraud.
This follows a Facebook data breach that exposed the phone numbers of 400 million users, and a DoorDash incident where attackers were able to get their hands on the financial details of almost 5 million merchants and customers.
As usual in this kind of situation, it's best to change your account password even if you weren't notified by T-Mobile. And never reuse passwords across different services or websites.