Hackers stole an unknown number of Sprint users’ data after breaching the Samsung.com “add a line” website, according to a letter Sprint sent to impacted customers.
“The personal information of yours that may have been viewed includes the following: phone number, device type, device ID, monthly recurring charges, subscriber ID, account number, account creation date, upgrade eligibility, first and last name, billing address and add-on services,” the letter said. The story was first reported by ZDNet.
Sprint said that they were informed of the unauthorized access on June 22. The company added that the information that was accessed did not pose a “substantial risk of fraud or identity theft,” although the company did include a list of actions customers could take if they felt that their information was comprised by hackers, including reviewing credit scores and purchases, filing a police report, or closing accounts that could have been tampered with.
A spokesperson for Sprint told digital trends that credit card numbers and social security numbers were encrypted and not compromised.
“Because Sprint takes this matter, and all matters involving our customers’ privacy, very seriously, in addition to the initial customer notification, Sprint is taking the extra step of separately sending letters to impacted customers to remind them to update their existing PINs and that a dedicated Care Team has been established for assistance,” the spokesperson said. “As a precautionary measure, we have also provided information on tools and resources that will help our customers safeguard their personal information.”
The letter also said that all Sprint rescued all compromised accounts as of June 25 by resetting customers’ PIN codes. There is no information on the exact number of accounts that were breached, the date or date range that the hacks occurred and if any customers’ account details were modified by the hackers. According to Sprint’s website, the network serves 54.5 million customers.
Sprint carries over 10 models of Samsung phones like the Samsung Galaxy S10 and the Samsung Galaxy Note9. Digital Trends reached out to Samsung, who told us they were aware of the breach and take their users’ security seriously.
“We recently detected fraudulent attempts to access Sprint user account information via Samsung.com, using Sprint login credentials that were not obtained from Samsung,” a Samsung spokesperson told Digital Trends. “We deployed measures to prevent further attempts of this kind on Samsung.com and no Samsung user account information was accessed as part of these attempts.”
As the fourth-largest mobile network in America, Sprint may soon merge with T-Mobile, which is the third-largest mobile network. The new network merger would cover more than 126 million customers in the U.S combined.
Updated 4:23 p.m. with Sprint spokesperson’s comment.
