January 20, 2023

Yet Another T-Mobile Data Breach

T-Mobile is in the hot seat once again with yet another data breach, affecting 37 million of its prepaid and postpaid customer accounts. The United States' second-largest wireless carrier disclosed the breach in a regulatory filing on 19 January 2023. It's just the latest major breach for the company in recent years. So, what happened this time?


T-Mobile Data Breach 2023

The new year didn't get off to a great start for the telecom giant, when on 5 January 2023 malicious activity was detected on the T-Mobile system. Although the vulnerability was fixed within 24 hours, it is believed that the bad actor had had access for over a month after exploiting an unsecured API in late November.

The investigation is still ongoing, but so far, T-Mobile claims that the data exposed didn't include login credentials, bank account or credit card information, Social Security numbers, or other government-issued IDs.

So, what was exposed in the latest T-Mobile data breach?

It appears that basic customer data has been compromised, including name, date of birth, billing address, email, account numbers, and phone numbers. The telecom company attempted to play down the data breach stating that the details aren't “sensitive”, but such personal data is more than enough for someone to become a victim of identity theft, fraud, and other scams.

According to a press release issued on the T-Mobile website, it has begun notifying the impacted customers among its 110 million subscribers, and stated:

“We understand that an incident like this has an impact on our customers and regret that this occurred. While we, like any other company, are unfortunately not immune to this type of criminal activity, we plan to continue to make substantial, multi-year investments in strengthening our cybersecurity program.”

T-Mobile data breach record

The above words fall a bit short considering this is just the latest in a long list of T-Mobile data breaches. No organization is completely immune to cyberattacks (Twitter is another well-known target), but the frequent occurrence of data breaches at T-Mobile is cause for alarm.

T-Mobile had already formed a “cybersecurity transformation office” and hired cybersecurity and consulting firms to improve its cybersecurity standing after the last breach. Their efforts haven't had much effect, it seems, as customer data continues to be at risk.

Let's take a look at their track record.

August 2018: The 2018 T-Mobile data breach (which also involved a vulnerable API) exposed the data of 2 million customers including their names, ZIP codes, phone numbers, email addresses, account numbers, and account types. It also included “weakly encrypted” passwords.

November 2019: More than 1 million T-Mobile accounts were compromised after a bad actor accessed prepaid wireless account data. The data leaked included names, billing addresses, phone numbers, account numbers, rate plans, and other subscription details.

March 2020: The T-Mobile security team stopped a malicious attack against its email vendor but not before the hackers gained access to T-Mobile employee email accounts. The result was a breach of names, addresses, phone numbers, account numbers, rate plans and features, and billing information. It also exposed Social Security numbers, financial account information, and ID numbers for some users.

December 2020: Another 200,000 customers were affected when the company's customer proprietary network information (CPNI) database was compromised. This time the data breach included phone numbers, the number of lines subscribed to, and other undisclosed “call-related information” such as call logs.

February 2021: After gaining access to an internal T-Mobile application, bad actor(s) targeted hundreds of T-Mobile users in SIM hijacking. The data accessed by the hackers could have included customers' full names, addresses, emails, account numbers, social security numbers, account PINs, account security questions and answers, and more.

August 2021: More than 50 million T-Mobile customers were impacted after a massive cyberattack. This resulted in T-Mobile being smacked with a $350 million class-action lawsuit. The ink was barely dry on that settlement when the company was hit again. Read more about the 2021 T-Mobile data breaches here.

April 2022: Once again, T-Mobile detected a bad actor, this time using stolen credentials to access internal systems. No sensitive information was accessed, but according to reports by investigative cybersecurity journalist Brian Krebs, the breach was conducted by the ransomware gang Lapsus$, who managed to steal T-Mobile source code.

Affected by the latest T-Mobile data breach? Here's what to do

If you are a T-Mobile customer and your account was caught up in the data breach, T-Mobile should be in contact to let you know. But even if you don't get notified, we think it's best to err on the side of caution. The minute you hear of a T-Mobile data breach, just assume your account has been compromised and take action to change your account passwords and PINs.

Keep an eye on your other accounts, especially if you have a nasty habit of reusing the same password for multiple online accounts.

After a data breach, phishing attacks are a real danger, so pay attention to any emails that may pop up in your inbox, even if they look legit. Phishing scammers often impersonate well-known brands to trick users into disclosing personal information. Read more about the most common phishing tactics.

But the biggest danger facing victims of a T-Mobile data breach is the possibility of identity theft. To protect yourself, credit monitoring or ID theft protection services are your first port of call.

To learn more about how identity theft can affect your life and how to protect yourself, take a proactive approach and read: Don't Let Identity Theft Consequences Ruin Your Life

Ruby M
Hoody Editorial Team

Ruby is a full-time writer covering everything from tech innovations to SaaS, Web 3, and blockchain technology. She is now turning her virtual pen to the world of data privacy and online anonymity.
