Sprint is in the process of informing customers about a security breach that occurred last month.
In a letter to affected customers, Sprint said it learned of the unauthorized access on June 22, 2019. According to the nation’s fourth largest wireless carrier, hackers gained access through the “add a line” portal on Samsung’s website.
Potentially exposed data includes phone numbers, first and last names, billing addresses, device types, device IDs, monthly recurring charges, subscriber IDs, account numbers, account creation dates, upgrade eligibility and add-on services. Sprint said no other information “that could create a substantial risk of fraud or identity theft” was acquired which, technically speaking, doesn’t rule out the possibility that other, lesser information was also compromised.
The carrier said it took appropriate action to secure impacted accounts from unauthorized access. In the sample e-mail supplied by ZDNet, Sprint said it “re-secured your account on June 25, 2019” by resetting the PIN.
Sprint hasn’t revealed how many accounts were impacted by the breach, nor do we know when the breach first occurred only the date Sprint was made aware of the unauthorized access. ZDNet reached out with those questions and more but a response was not received in time for publication.