NOTICE OF DATA BREACH

Dear Customer,

We want to let you know about a sophisticated attack that we recently identified and quickly shut down, which may have impacted some of your account information.

Our Cybersecurity team recently identified and shut down a malicious attack against our email vendor that led to unauthorized access to certain T-Mobile employee email accounts, some of which contained account information for T-Mobile customers and employees. An investigation was immediately commenced, with assistance from leading cybersecurity forensics experts, to determine what happened and what information was affected. We immediately reported this matter to federal law enforcement and are actively cooperating in their investigation.

The information accessed may have included customer names and addresses, phone numbers, account numbers, rate plans and features, and billing information. Your financial information (including credit card information) and Social Security number were not impacted.

We are not aware of any evidence where the information contained in the affected email accounts has been used to commit fraud or otherwise misused.

We regret that this incident occurred. We take the security of your information very seriously and while we have a number of safeguards in place to protect customer information from unauthorized access, we are also always working to further enhance security so we can stay ahead of this type of activity.

What happened?

Our Cybersecurity team recently identified and shut down a malicious attack against our email vendor that led to unauthorized access to certain T-Mobile employee email accounts, some of which contained account information for T-Mobile customers and employees. Information accessed illegally may have included names and addresses, phone numbers, account numbers, rate plans and features, and billing information. Your financial information (including credit card information) and Social Security number were not impacted.

I got a notification. What can I do?

We do not have any evidence that the account information contained in the affected accounts has been used to commit fraud or otherwise misused. It is always a good idea to review your account information and update the personal identification number (PIN/passcode) on your T-Mobile account. To do so, you can reach us by dialing 611 from your T-Mobile phone or by calling 1-800-937-8997 from any phone. For additional resources regarding security on your account, please review our Privacy Resources at: https://www.t-mobile.com/responsibility/privacy.

I didn’t get a notification. Should I be worried?

T-Mobile is in the process of notifying customers. It is possible you didn’t hear from us because we don’t have up-to-date contact information for you, or you are no longer a T-Mobile customer. If you want to find out whether your account information was impacted, need further assistance, or have questions about this incident or your account, please contact Customer Care at your convenience. You can reach us by dialing 611 from your T-Mobile phone, if you are a T-Mobile customer, or by calling 1-800-937-8997 from any phone.

What is T-Mobile doing to prevent this from happening again?

T-Mobile, like any other corporation, is unfortunately not immune to this type of criminal attack and we are always working to enhance security so we can stay ahead of this type of activity and protect our customers. We also are reviewing our security policies and procedures to enhance how we protect these systems. For more information about how T-Mobile protects customer information, please refer to our privacy policy, located at: https://www.t-mobile.com/responsibility/privacy.