What you need to know:
An undisclosed third-party had unauthorized access to a subset of customer data for T-Mobile / Metro PCS. That data includes names, email-id, phone number, zip code, Account number or type (postpaid or prepaid). It’s unclear when the breach occurred, but the hole was plugged August 20, 2018.
What you need to do (as a T-Mobile or Metro PCS customer):
Strongly consider changing your password. The company stated that no financial data, social security numbers or passwords were exposed. However, since the breach could have exposed the existence of your account with them, savvy criminals could combine hacked credentials from other breaches to gain access to an account that has a shared password. Access to a cellular account could allow a third-party to activate a new SIM and redirect text messages, giving subsequent access to financial accounts which require Two-Step Authentication (where a temp passcode is sent to your phone via text).
Read T-Mobile’s statement regarding the breach HERE