In November 2019, T-Mobile’s cybersecurity team identified and shut down unauthorized access to systems containing prepaid customer account information. Approximately 1.26 million prepaid customers were affected — less than 1.5% of T-Mobile’s total customer base at the time. Exposed data included names, billing addresses, phone numbers, account numbers, rate plans, and features. No Social Security numbers, passwords, or financial information were confirmed exposed. T-Mobile notified affected customers and reset PINs. This breach is distinct from the far larger August 2021 breach attributed to John Binns affecting 54 million records, and the 2023 API breach affecting 37 million accounts. T-Mobile has experienced multiple separate breach incidents across 2019, 2020, 2021, 2022, and 2023.