T-Mobile Hacker Exposes 37m Customers' Personal Data

T-Mobile has revealed yet another large scale data breach when, over a month ago, a hacker accessed a mass of personal data belonging to 37 million US customers. This is the company’s second major cyber breach in less than two years.

In a statement T-Mobile said that a “bad actor” started stealing the data, which includes “name, billing address, email, phone number, date of birth, T-Mobile account number and information such as the number of lines on the account and plan features,” since November 25. 

T-Mobile said no social security numbers, credit card information, government ID numbers, passwords, PINs or financial information were exposed in the hack.

In a formal statement to the US SEC financial regulator, T-Mobile said it detected the breach more than a month later, on January 5, and that within a day it had fixed the problem that the hacker was exploiting. The hackers, according to T-Mobile, didn’t breach any company system, but rather abused an application programming interface, or API. 

“Our investigation is still ongoing, but the malicious activity appears to be fully contained at this time, and there is currently no evidence that the bad actor was able to breach or compromise our systems or our network,” the company wrote. “We understand that an incident like this has an impact on our customers and regret that this occurred. While we, like any other company, are unfortunately not immune to this type of criminal activity, we plan to continue to make substantial, multi-year investments in strengthening our cybersecurity program,” says T-Mobile.

The company, which is a leading mobile network operator worldwide, with110 million US customers has begun a “substantial, multi-year investment” in 2021 to improve its cyber security capabilities and protections.

While this is the first breach disclosed by T-Mobile in 2023, the mobile carrier has disclosed seven other data breaches since 2018, including one where attackers gained access to the data of roughly 3% of all its worldwide customer data.

T-Mobile:     SEC:    Reuters:      CNN:     Techcrunch:      The Verge:    Bleeping Computer:    Image: Unsplash

You Might Also Read: 

Cyber Security Issues For The Mobile Industry:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible


 

« The Advantages Of Using A VPN 
How Next Gen SIEM Addresses The Risks Of Disjointed Security Tools »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

Clayden Law

Clayden Law

Clayden Law are experts in information technology, data privacy and cybersecurity law.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

BH Consulting

BH Consulting

BH Consulting we are a vendor independent consulting firm providing market leading range of information security services focused on data protection and cybersecurity.

AV Test

AV Test

The AV-TEST Institute is a leading international and independent service provider in the fields of anti-virus research and IT security.

AEI Cybersecurity

AEI Cybersecurity

AEI brings together companies, Research Centres, Universities, and other organizations interested in promoting new cybersecurity technologies.

TokenOne

TokenOne

TokenOne is a Cyber Security software company that makes it easy to replace passwords, tokens and other forms of authentication with a more secure solution.

CSO GmbH

CSO GmbH

CSO GmbH provide specialist consultancy services in the area of IT security.

CyberGhost

CyberGhost

CyberGhost is a Virtual Private Network services provider offering secure encrypted access to the internet.

Harel Mallac Technologies

Harel Mallac Technologies

Harel Mallac Technologies is a Mauritian organisation that has developed a strong network of ICT specialists with nodes across the African continent.

Mnemonica

Mnemonica

Mnemonica specializes in providing data protection system, information security compliance solutions, cloud and managed services.

AEC

AEC

AEC is a provider of information security products and services including risk analysis, penetration testing and the implementation of security solutions.

Asvin

Asvin

Asvin provides secure update management and delivery for Internet of Things - IoT Edge devices.

Cytelligence

Cytelligence

Cytelligence is a cyber security consulting company with deep expertise in Cyber Breach Response, Cyber Breach Investigations, and Digital Forensics.

Cyber Zones

Cyber Zones

Cyber Zones is a leading provider of penetration test services, RED team assessment services, digital forensics and IT security consulting.

QuoLab

QuoLab

QuoLab empowers security professionals to analyze, investigate and respond to threats within an integrated ecosystem.

Saepio Solutions

Saepio Solutions

Saepio promote an all-encompassing approach to cybersecurity, ensuring the appropriate balance of budget and resource across Policy, Product and People.

guardDog.ai

guardDog.ai

guardDog.ai has developed a cloud-based software service with a companion device that work together to simplify network security.

Trusted Security Solutions (TSS)

Trusted Security Solutions (TSS)

TSS are specialist in IT Security and providing Cybersecurity Solutions & Services combined with storage and backup.