T-Mobile, now the third-largest wireless provider in the United States following its completed $26 billion acquisition of Sprint, concluded 2020 with the announcement of its second data security incident of the year.

The mobile network operator disclosed in a statement published on its website that it recently identified unauthorized access to certain customer account details, encompassing data generated and gathered by T-Mobile to deliver wireless services.

According to the statement: “Our security team recently detected and contained malicious, unauthorized activity involving some information linked to your T-Mobile account. We promptly launched a thorough investigation, supported by prominent cybersecurity specialists, to ascertain the nature of the incident and the scope of the data affected. We also immediately alerted federal authorities and are currently working to inform customers whose information may have been compromised.”

This type of data, known as customer proprietary network information (CPNI), may include details about call activity – such as the time and duration of calls, the originating and receiving phone numbers, and other details typically found on a customer’s billing statement.

However, the company stated that the unauthorized access did not include customer names, residential or email addresses, financial information, or account passwords (or PINs).

A T-Mobile representative indicated that the breach occurred in early December and impacts roughly 0.2% of its customer base – equating to approximately 200,000 customers.

This represents the most recent security event to affect the wireless carrier in recent times.

In 2018, T-Mobile reported that the personal information of as many as two million customers may have been obtained through data scraping. The following year, the company verified that hackers gained access to the records of another million prepaid customers. Earlier in 2020, T-Mobile acknowledged a breach of its email infrastructure, resulting in unauthorized access to some employee email accounts and potential exposure of customer data.

Updated with a statement from T-Mobile.