T-Mobile suffers another, smaller data breach

T-Mobile confirmed on Wednesday that it has suffered another data breach, just a few months after a huge breach in August^[1]. The new breach has affected a smaller group of customers, who received notifications of "unauthorized activity" that consisted of hackers checking out customer proprietary network information, pulling off a physical SIM swap, or both, says^[2] a Tuesday post by blog The T-Mo Report. 

"Customer proprietary network information," or CPNI, includes all the data T-Mobile has about your phone calls^[3], which, according to the carrier, means "features of your voice calling service (e.g., international calling), usage information (like call logs — including date, time, phone numbers called, and duration of calls), and quantitative data like minutes used." CPNI doesn't contain any billing-related information, like names or addresses. 

An unapproved physical SIM swap enables someone else to take over your phone number, and if that person has your password, to potentially gain access to accounts linked to it -- such as if you use texts for multifactor authentication. If that's happened to you, here's what to do next^[4].

Now playing: Watch this: T-Mobile data breach: What you need to know

2:42

Unlike the earlier breach, which affected more than 50 million people, this one impacted a much smaller number of T-Mobile^[5] customers. 

"We informed a very small number of customers that the SIM card assigned to a mobile number on their account may have been illegally reassigned or limited account information was viewed. Unauthorized SIM swaps are unfortunately a common industry-wide occurrence. However, this issue was quickly corrected by our team, using our in-place safeguards, and we proactively took additional protective measures on their behalf," the company said in a Wednesday email. 

Update, Dec. 29: Adds comment from T-Mobile.