Yeah, historically a lot of the aggregators of cellular location data have had huge security issues.
One of them even had a demo page open to the internet that just had a 'Has consent?" checkbox. Showed me my own location within two blocks without any real validation of consent. No options from the vendor to disable this.
Contacting T-Mobile just gets you a PO Box you can mail a letter to.
The fact that the data would be local is why I suspect the response would be different.