Although the breach occurred in October 2003, full details have only recently come to light after the alleged culprit Nicholas Jacobsen was quietly indicted last October.
In a statement, T-Mobile said it discovered in October 2003 that a hacker broke into one of its internal systems and viewed 400 customer names and social security numbers but no credit card numbers.
Affected customers were notified and none has reported any problems due to the breach. But last year, the same attacker accessed the handset of a U.S. Secret Service agent, according to T-Mobile. The agent's personal PDA contained limited investigative data, which was against policy, but no case was compromised in the breach, said Secret Service spokesman Jonathan Cherry.
Bellevue, Wash.-based T-Mobile said it quickly implemented safeguards after discovering the 2003 breach to prevent further access, but an official declined to elaborate, citing the ongoing investigation.
"We take this issue extremely seriously," said Peter Dobrow, T-Mobile spokesman. "There's a significant group of people involved, and we invest a lot of capital, because security is a high priority."
The case came to light months after the Secret Service's Operation Firewall crackdown on cybercrime last October, in which 28 suspects were arrested.