Sprint, a mobile phone operator in the United States, experienced a data breach which affected an unknown number of customers. According to reports, hackers gained access to these accounts via the Samsung website.
Based on the report released by ZD Net, the company initially suffered the data breach last June 22, 2019. The company reportedly gained control of the customer accounts on June 25, 2019.
The list of compromised personal data includes sensitive information. These consist of the first and last names of account holders, phone numbers, and billing address. Moreover, hackers also gained unauthorized access to the device type, device ID, subscriber ID, account number, and account creation date.
The Sprint press release also states that the hackers may have viewed the monthly recurring charges and add-on services. Upgrade eligibility information also became compromised in the process.
Despite the massive breach, Gizmodo states that credit card and social security numbers of customers remain safe and secure. Likewise, the company believes that the breach does not bring “substantial risk of fraud or identity theft,” reports ZD Net.
Hacking Details
Gizmodo reports that hackers gained unauthorized access to the Sprint system through the Samsung website. The press release details that hackers obtained personal information “via the Samsung.com ‘add a line’ website.”
Alongside this, Samsung notes that it “recently detected fraudulent attempts to access Sprint user account information.” Despite these attempts, Samsung acknowledges that “no Samsung user account information was accessed as part of these attempts.”
Sprint also said that it did not find any fraudulent activities related to the data breach.
Security Measures
Following reports of unauthorized access, CNET states that it immediately notified its customers on June 25, 2019. The company notice also mentioned a PIN reset in the event hackers obtained customer PINs.
Besides resetting the PINs of account holders, Sprint also plans to individually send notices to affected customers. The business also put up a Care Team to assist impacted people.
In the same way, Samsung took extra measures to protect the identity and the sensitive information of its users. Following the incident, the tech giant said they “deployed measures to prevent further attempts of this kind on Samsung.”
Affected or concerned individuals should put a fraud alert on their credit reports. In the case of identity or credit theft, Sprint advises its customers to work with authorities to address the issue.
Last May 2019, the US telco service also experienced a data breach in its prepaid branch, Boost.
