Some T-Mobile US Inc. customers logged into their accounts Wednesday to a surprise: Another subscriber’s billing and account information was being shown on their online dashboards.
Subscriber data including credit card information, home addresses, phone numbers and account balance were shown to the wrong people, T-Mobile customers said on social media.
T-Mobile confirmed the data leak in a statement to Bloomberg News, calling it a “glitch” that caused some subscriber account information to appear on other subscribers’ profile pages.
“There was no cyberattack or breach at T-Mobile,” the company said in its statement. “This was a temporary system glitch related to a planned overnight technology update involving limited account information for fewer than 100 customers, which was quickly resolved.”
“Payment data was masked,” a spokesperson added.
T-Mobile has had several instances of customer data compromises over the last few years. In 2021, a hacker stole the personal information, including Social Security numbers and driver’s license information, of more than 13 million active and 40 million prospective T-Mobile customers. The company settled a class-action suit related to that breach for $500 million last year.
While the glitch today wasn’t a data theft, it still alarmed security researchers. “Good news that it wasn’t a large number of people hit by a bad guy,” said Chester Wisniewski, a director at cybersecurity firm Sophos.
“It is purely an internal issue, but quite a significant one if the sensitive information people are reportedly seeing belongs to other people,” he said.
T-Mobile shares fell as much as 0.7% Wednesday while its wireless peers were up. The stock was down 0.3% to $142.01 at 2:13 p.m. in New York.