US telecoms firm T-Mobile has reported a cyberattack, which compromised personally identifiable information relating to many of its employees and customers.
The company said its cybersecurity team spotted and shut down an attack against its email vendor, which resulted in the exposure of information including names, addresses, phone numbers, account numbers, rate plans, features and billing information.
Personally identifiable information of this kind could be used by hackers to conduct phishing campaigns, to impersonate a victim and, in extreme cases, steal their tax refunds.
According to Android Central, the incident did not compromise financial information such as credit card data or Social Security numbers.
T-Mobile said the stolen data is unlikely to have been used by hackers yet, but advised account holders and employees to review their information and change their passwords immediately.
The company is also offering a free two-year subscription to an online credit monitoring service to all affected customers that sign up before May 31.
“T-Mobile is in the process of notifying customers. It is possible you didn’t hear from us because we don’t have up-to-date contact information for you,” the company explained.
The telecoms giant has notified federal law enforcement agencies and is “actively” cooperating with investigators.