T-Mobile today confirmed that the telecom giant suffered a security breach on its US servers on August 20 that may have resulted in the leak of "some" personal information of up to 2 million T-Mobile customers.
The leaked information includes customers' name, billing zip code, phone number, email address, account number, and account type (prepaid or postpaid).
However, the good news is that no financial information like credit card numbers, social security numbers, or passwords, were compromised in the security breach.
According to a brief blog post published by the company detailing the incident, its cybersecurity team detected and shut down an "unauthorized capture of some information" on Monday, August 20.
Although the company has not revealed how the hackers managed to hack into its servers neither it disclosed the exact number of customers affected by the data breach, a T-Mobile spokesperson told Motherboard that less than 3 percent of its 77 million customers were affected.
The spokesperson also said that unknown hackers part of "an international group" managed to access T-Mobile servers through an API that "didn’t contain any financial data or other very sensitive data," adding "We found it quickly and shut it down very fast."
T-Mobile said the company informed law enforcement about the security breach and is reaching out to its affected customers directly via SMS message, letter in the mail, or a phone call to notify them as well.
"We take the security of your information very seriously and have a number of safeguards in place to protect your personal information from unauthorized access," T-Mobile said. "We truly regret that this incident occurred and are so sorry for any inconvenience this has caused you."