Sprint has confirmed a data breach, telling customers that hackers broke into their accounts through a Samsung website. The number of customer accounts breached isn’t yet known, CNET sister site ZDNet reported Tuesday.
The hack occurred June 22, Sprint told its customers in a letter, and included details like first and last name, billing address, phone number, subscriber ID, account number, device type, device ID, monthly charges, account creation date, upgrade eligibility and any add-on services. It occurred via the Samsung “add a line” website.
“No other information that could create a substantial risk of fraud or identity theft was acquired,” Sprint said. The carrier added it has “taken appropriate action” to secure all accounts, and hasn’t found any fraudulent activity resulting from the breach.
Sprint said it notified customers on June 25 of a PIN reset “just in case” their PIN had been compromised. In, Sprint was also breached via its Boost Mobile prepaid subsidiary — it said hackers used Boost phone numbers and Boost.com PIN codes to gain access to Sprint accounts.
“Information such as customers’ account Personal Identification Numbers (PINs) may have been compromised, however credit card and social security numbers are encrypted and were not compromised,” Sprint told CNET in an emailed statement.
A Samsung spokesperson told CNET the company takes security very seriously.
“We recently detected fraudulent attempts to access Sprint user account information via Samsung.com, using Sprint login credentials that were not obtained from Samsung,” the spokesperson said in an emailed statement. “We deployed measures to prevent further attempts of this kind on Samsung.com and no Samsung user account information was accessed as part of these attempts.”