T-Mobile Customers Affected By Massive Breach

Uploaded on 2021-08-23 in TECHNOLOGY--Hackers, FREE TO VIEW, BUSINESS-Services-IT & Telecoms

More than 54 million T-Mobile customers have been hit by a US data breach, the company has admitted, blaming the breach on a "highly sophisticated cyberattack". The breach only came to light following online reports last weekend that criminals were attempting to sell a large database containing T-Mobile customer data online.

The company has it said it is "taking immediate steps to help protect all of the individuals who may be at risk from this cyberattack" and has confirmed that an unknown individual in an online forum is claiming to have breached its systems and attempting to sell stolen customer data. 

Those T-Mobuile customers affected include 7.8 million current postpaid customers and about 46 million former and prospective customers who applied for payment plans, but no financial details were leaked, so far as the company is aware.

While US officials have warned of an increase in ransomware attacks in recent months, T-Mobile’s hackers didn’t lock up the company’s systems and demand payment. Instead, attackers broke into the company’s servers through an open access point.
"Late last week we were informed of claims made in an online forum that a bad actor had compromised T-Mobile systems... We immediately began an exhaustive investigation into these claims and brought in world-leading cybersecurity experts to help with our assessment... We then located and immediately closed the access point that we believe was used to illegally gain entry to our servers." a spokesman said.

Around 850,000 active T-Mobile prepaid customer names, phone numbers and account PINs were also exposed but T-Mobile says that it has reset all of the PINs on the accounts to protect customers. No phone numbers, account numbers, PINs, passwords, or financial information were compromised in any of the files of the customers whose details were breached.

Hackers previously stole the personal information of 15 million T-Mobile customers and potential customers in the US in 2015.
There is no indication yet that former UK customers of T-Mobile have been hit by the data breach. The company's UK operation T-Mobile UK was rebranded as EE in 2012 and sold to BT in 2016 for more than £12bn.

The massive breach at the mobile carrier comes amid a spate of recent high-profile cybersecurity attacks on firms big and small, raising concerns from many that no company is immune

Some of the deeply personal data made available through this data breach could be a gold mine for attackers who want to make use of your credit. T-Mobile advisess that changing your account password and PIN should be one of the first things you do, because the personal information made available through the data breach can give an attacker almost everything they need to gain access T-Mobile users' accounts.

Reuters:      ABC:      Washington Post:     Financial Times:     Wall Street Journal:      BBC:

You Might Also Read:

Minimising The Impact Of Ransomware:

 

« US State Department Under Attack
Seven Ways That Social Media Sabotages Cyber Security »

CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 8,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Identiv

Identiv

Identiv is a global security technology company that establishes trust in the connected world, including premises, information and everyday items.

AA Certification (AAC)

AA Certification (AAC)

AAC provide ISO Quality Management System certification services including ISO 27001.

Code Dx

Code Dx

Code Dx is a software application vulnerability correlation and management system.

Quantivate

Quantivate

Quantivate is a provider of web-based Governance, Risk, and Compliance (GRC) software and service solutions.

Global Station for Big Data & Cybersecurity (GSB)

Global Station for Big Data & Cybersecurity (GSB)

GSB is an interdisciplinary research hub to cover big data, information networks, and cybersecurity.

One Identity

One Identity

One Identity delivers identity governance, access management, and privileged account management solutions that facilitate and secure your digital transformation.

Cymulate

Cymulate

Cymulate is a SaaS-based breach and attack simulation platform that makes it simple to know and optimize your security posture any time, all the time.

Indeed

Indeed

Indeed is a worldwide employment-related search engine for job listings covering job types in all industries, including cybersecurity.

Startup Wise Guys

Startup Wise Guys

Startup Wise Guys is a mentorship-driven accelerator program for early stage B2B SaaS, Fintech, Cybersecurity & Defense AI startups.

Glilot Capital Partners

Glilot Capital Partners

Glilot Capital Partners is an Israeli seed and early-stage VC. We specialize in businesses which disrupt enterprise technology, mainly in the fields of AI, big data and cybersecurity.

01 Communique Laboratory

01 Communique Laboratory

01 Communique Laboratory is an innovation leader in the new realm of Post-Quantum Cyber Security.

Sure Valley Ventures

Sure Valley Ventures

Sure Valley Ventures is an entrepreneur led venture capital fund focused on helping software entrepreneurs grow and scale businesses that will have a global impact.

MiC Talent Solutions

MiC Talent Solutions

MiC Talent Solutions provides recruiting, direct hire, augmented staff, and professional service contracting solutions for organizations searching for minority cybersecurity talent.

Harmonia Holdings Group

Harmonia Holdings Group

Harmonia Holdings Group was born in 2006 with the vision to bring innovation and change to the federal IT sector.

Syntura

Syntura

Syntura is your trusted partner for advisory, infrastructure and managed services.

Aurva

Aurva

Aurva are a team of engineers, product thinkers, and security minds who believe that data security should be simple, powerful, and built for speed.