Facepalm: The last thing Sprint needs in the middle of a complicated acquisition bid with T-Mobile is a security breach but that's exactly what has happened. The full scope of the breach hasn't yet been shared so we don't know how big of a deal this really is right now.
Sprint is in the process of informing customers about a security breach that occurred last month.
In a letter to affected customers, Sprint said it learned of the unauthorized access on June 22, 2019. According to the nation's fourth largest wireless carrier, hackers gained access through the "add a line" portal on Samsung's website.
Potentially exposed data includes phone numbers, first and last names, billing addresses, device types, device IDs, monthly recurring charges, subscriber IDs, account numbers, account creation dates, upgrade eligibility and add-on services. Sprint said no other information "that could create a substantial risk of fraud or identity theft" was acquired which, technically speaking, doesn't rule out the possibility that other, lesser information was also compromised.
The carrier said it took appropriate action to secure impacted accounts from unauthorized access. In the sample e-mail supplied by ZDNet, Sprint said it "re-secured your account on June 25, 2019" by resetting the PIN.
Sprint hasn't revealed how many accounts were impacted by the breach, nor do we know when the breach first occurred (only the date Sprint was made aware of the unauthorized access). ZDNet reached out with those questions and more but a response was not received in time for publication.
Masthead credit: A Sprint store in the University City neighborhood by Michael Candelori