Credit card numbers, social security numbers and passwords weren't accessed, the company noted.
The Bellevue, Wash. company said its cybersecurity team discovered an "unauthorized access" on August 20 and reported it to law enforcement.
T-Mobile says that consumers with questions about the data breach can dial 611, use two-way messaging on MyT-Mobile.com, or access the T-Mobile app.
T-Mobile said it has notified all affected customers, or will do so shortly.
But other information like names, billing zip codes, phone numbers, email addresses, account numbers and account types (postpaid or prepaid) may have been compromised.
T-Mobile did not respond to Reuters request for comment outside regular business hours. Once a hacker has your account number, phone number, and email address, it's easier for them to obtain your login information.
Information on the precise circumstances of the breach is sparse, though T-Mobile's acknowledgment of the event is admirably prompt. But data breaches and new kinds of cellular fraud are gradually making the practice less effective, Guido says. T-Mobile reported 75.62 million customers at the end of Q2 2018.
Speaking to Motherboard, a T-Mobile spokesperson said the cybersecurity incident affected roughly 3 percent of its 77 million customers, or approximately 2 - 2.5 million customers.
"We truly regret that this incident occurred and are so sorry for any inconvenience this has caused you", the announcement reads.