19 July 2019
Within two months, Sprint has announced its second customer accounts data breach of the year. The previous one was related to Boost Mobile and now, a Samsung website is said to be the culprit. It became aware of the data breach on June 22nd which is about a month ago. It has now made various known details about the incident public.
It has been revealed that the Sprint customer accounts data breach happened through Samsung's "Add a line" website. It is a website which allows existing Sprint and Samsung users to get an extra line from the carrier. While doing so, it asks for various personally identifiable information which is used for processing the request.
Sprint has said that sensitive information like credit card details and social security number of customers have not been compromised. The breach is said to be comprised of details like phone number, device type, device ID, monthly recurring charges, subscriber ID, account number, account creation date, upgrade eligibility, first and last name, billing address, and add-on services. It further added that "no other information that could create a substantial risk of fraud or identity theft was acquired".
The carrier came to know about the breach on June 22nd and three days later, it is said to have reset PINs for all the customers. It was done for every account regardless of it being affected or not. Sprint has said that it does not have information regarding how many accounts were affected which seems to be the reason, it decided to reset PIN for everyone. Even the way through which Sprint discovered the breach has not been shared yet.