(Gray News) – An unknown number of Sprint customer accounts were hacked via a Samsung website, multiple outlets reported Tuesday.
According to technology news website ZDNet, the telecommunications company confirmed the data breach, which occurred via Samsung’s “add a line” website, in a letter to affected customers.
In the letter, which ZDNet reports it obtained, customers were told the hack may have compromised information including first and last names, billing addresses, account numbers, subscriber IDs, phone numbers, device types and device IDs.
The letter said “… no other information that could create a substantial risk of fraud or identity theft was acquired.”
ZDNet reports Sprint learned about the data breach on June 22 and reset PIN codes on June 25 to re-secure all compromised accounts.
Kansas City, Mo., television station WDAF reports Sprint confirmed the hack occurred, saying in a statement to the station that the company takes the matter very seriously, and “…in addition to the initial customer notification, Sprint is taking the extra step of separately sending letters to impacted customers to remind them to update their existing PINs and that a dedicated Care Team has been established for assistance. As a precautionary measure, we have also provided information on tools and resources that will help our customers safeguard their personal information.”
Media website CNET – a ZDNet sister site – reports Sprint and Samsung confirmed the breach in emailed statements, with Sprint writing, “Information such as customers’ account Personal Identification Numbers (PINs) may have been compromised, however credit card and social security numbers are encrypted and were not compromised."
CNET reports a Samsung spokesperson as saying in an emailed statement, “We recently detected fraudulent attempts to access Sprint user account information via Samsung.com, using Sprint login credentials that were not obtained from Samsung,” adding the company took measures to prevent similar hacking attempts, and that “no Samsung user account information was accessed” by hackers.
The website Gizmodo also reports Sprint confirmed the data breach, with the company telling the website that credit cards and social security numbers weren’t compromised because they are encrypted.