Staffer emails compromised and customer details exposed in T-Mobile US's third security whoopsie in as many years

T-Mobile US was hacked by miscreants who may have stolen some customer information.

The telco did not specify exactly when the intrusion took place (and has yet to respond to questions from The Register) in its Notice Of Data Breach.

The hackers gained access to employee email accounts, which contained customer account information. The data included names, addresses and phone numbers as well as rate plans. T-Mobile US was quick to reassure punters that financial information and Social Security numbers were not exposed.

Presumably its employees don't send that sort of stuff around in email form.

The attack itself was against T-Mobile's email vendor, and led to ne'er-do-wells gaining "unauthorized access". The usual act of slamming the stable door long after the horse has bolted is under way with the company "reviewing" its security policies and procedures "to enhance how we protect these systems". It has also reported itself to federal law enforcement as well as beginning the grim task of informing customers.

Far be it from us to suggest that T-Mobile US is prone to springing the odd security leak or two, but back in 2018 the personal details of 2 million customers were spaffed, again with no financial data, and more than a million prepaid account holders had their privates ogled after the carrier was compromised again in 2019.

The UK tentacle of the brand was borged into Everything Everywhere in 2010, which became the EE we all know and love today. The companies are quite separate entities and The Register understands that UK customers of the former T-Mobile brand are not affected.

T-Mobile US reported strong customer growth last year, with more than 86 million by the end of Q4 2019 and revenues for the year at $34bn (PDF), although lurking in the small print where the company disclosed factors that might hit future results it does warn that "inability to implement and maintain effective cyber security measures over critical business systems; breaches of our and/or our third-party vendors' networks, information technology and data security, resulting in unauthorized access to customer confidential information" might cause a wobble or two. ®