Attackers may have compromised three percent of T-Mobile’s 77 million customers on Monday, revealing personal information like addresses, phone numbers, and account numbers.

Credit cards, passwords, and social security numbers were not accessed, according to T-Mobile. The company will notify affected customers via text message.

Here’s Sean Keane, writing for CNet:

The intrusion took place on Monday, and some customer data “may have been exposed” before the carrier’s cybersecurity team shut off access and reported the breach to law enforcement, it said in a statement. That information included customer names, billing zip codes, phone numbers, email addresses, account numbers and account types (prepaid or postpaid). Credit card numbers, social security numbers and passwords weren’t accessed, the company noted.

Attackers having your address and account numbers may not sound like a big deal, but information like this is useful for social engineering attacks, where a scammer will call customer service pretending to be you.

And leaks like this keep happening. T-Mobile data was leaked just two years ago, via Experian. The T-Mobile website once allowed anyone with your phone number to access your account. So it’s easy to read something like this and think of it as routine, which points to just how common breaches are. That’s tragic in and of itself, really.

Photo credit: r.classen/Shutterstock.com