US mobile network operator Sprint said hackers broke into an unknown number of customer accounts via the Samsung.com "add a line" website.
The personal information that "may have been viewed", says a letter that Sprint sent to customers, includes: phone number, device type, device ID, first and last name, billing address, monthly recurring charges, subscriber ID, account number, account creation date, upgrade eligibility, and add-on services.
The letter is careful to say, "No other information that could create a substantial risk of fraud or identity theft was acquired." However, the personal information that "may have been viewed" is enough to put millions of people's information in a vulnerable spot and leave them open to data breaches.
To take appropriate action, Sprint says it "re-secured" the customer's account if they received a notification that the account PIN had been reset.