T-Mobile announced yesterday (March 4) that some consumers' personal information, including "customer names and addresses, phone numbers, account numbers, rate plans and features, and billing information" may have been accessed by criminals.

"Financial information (including credit card information) and Social Security numbers were not affected," the company said in a notice posted on T-Mobile's website, and affected users were sent via text message sent to their T-Mobile phones.

T-Mobile attributed the data breach to a "sophisticated attack" targeting its internal email vendor that "resulted in unauthorized access to certain T-Mobile employee email accounts" containing customer data.

No details were given as to how many customers may have been affected or when the intrusion began and ended.

"We are not aware of any evidence that the information contained in the affected email accounts was fraudulently or otherwise misused," the company said, adding that "it is always a good idea to review your account information and update your T-Mobile account personal identification number (PIN/passcode)."

T-Mobile said it is "in the process of notifying customers" and that anyone concerned that they may have been affected should call 611 from a T-Mobile phone or call 1-800-937-8997 from any phone.

T-Mobile has not suggested a possible motive for the data breach and data theft, but the type of information compromised is the kind used by online criminals in SIM swapping attacks.

SIM swapping is when a fraudster calls customer service or enters a carrier's retail store, impersonates a legitimate customer of the carrier, and demands that the customer's calling number be transferred to a new phone or SIM card.

The goal is to receive a two-factor authentication (2FA) code that is texted to the victim's phone number, and the ultimate goal is often financial account takeover or cryptocurrency theft SIM swaps are used to exploit pay-by-phone accounts in some cases In some cases, SIM swaps can be used to exploit pay-by-phone accounts.