Honestly, I’d assume being on a MVNO carrier would actually protect you from this, as you’re simply roaming on the T-Mobile network through the carrier agreement. Even ATT and Verizon have roaming agreements.
The issue is for T-Mobile direct customers, which obviously their internal systems have access to. I see no reason why T-Mobile would have access to users accounts at another company…
"Google says that hackers may have accessed limited customer information via the compromised system, which includes phone numbers, SIM card serial numbers, account status, and mobile service plan data. The system did not contain personal customer information such as names, email addresses, payment card data, government IDs, passwords, or pin numbers."
It depends on the MVNO. Some have their own backends. Others only do the marketing and leave the backend to the carrier.
MVNOs do not roam on the carrier, however. The MVNO has a close direct relationship for wholesale access to the network. Roaming is a wholly separate method of access.
The issue is for T-Mobile direct customers, which obviously their internal systems have access to. I see no reason why T-Mobile would have access to users accounts at another company…