T-Mobile has announced to its customers that on August 20, their cyber security team discovered and shut down an unauthorized access.  The information exposed may have included names, billing zip codes, email addresses, phone numbers and account types (prepaid or postpaid.)  A T-Mobile spokesperson indicated about 3% of the company's 77 million users were affected by the unauthorized access.  This equates to approximately 2 million users.

T-Mobile customers can dial 611 to contact customer care for more information.  While the announcement indicates passwords were not compromised it is good practice to regularly change them.

A security weakness was discovered last May which allowed customer data to be accessed on a T-Mobile subdomain used by staff without the necessity for a password.  Prior to that, another vulnerability had been discovered which exposed customers' email addresses, IMSI numbers, and billing accounts.