Editor’s Note: This article has been edited since it was originally published earlier today, to reflect the recent update that encrypted passwords were also compromised in the T-Mobile breach, contrary to what was disclosed earlier. 

EXECUTIVE SUMMARY:

A T-Mobile data breach has exposed the data of two million customers in a cyberattack that took place on August 20. In a company announcement, T-Mobile said that “certain information” was exposed, including “name, billing zip code, phone number, email address, account number and account type (prepaid or postpaid).” The company later revealed that encrypted passwords were also included in the data breach.

T-Mobile confirmed to Gizmodo that the hack affected about three percent of its customers. That might sound small at first, but with a customer base of 77 million, that number is actually huge. The company is claiming that no financial data, social security numbers, or credit card numbers were exposed.

A T-Mobile spokesperson told Motherboard, who broke the story, that they could not disclose “specifics” and that they did not know if the hackers were criminals or part of a government. The mobile communications company has already been in the news in recent months for being at the center of a Motherboard story on phonejacking, where hackers swap out SIM cards.

The T-Mobile attack follows on the heels of another large data breach reported this week, which targeted Cheddars Scratch Kitchen. The restaurant chain fell victim to a point-of-sale system attack that exposed more than 567,000 payment card numbers. Rather than zeroing in on the company’s current system and network, hackers accessed a legacy system that had been disabled and replaced.

Meanwhile, users affected by the T-Mobile breach will be notified via text message.

Get the full story at Motherboard.