T-Mobile Hacker Exposes 37m Customers' Personal Data

T-Mobile has revealed yet another large scale data breach when, over a month ago, a hacker accessed a mass of personal data belonging to 37 million US customers. This is the company’s second major cyber breach in less than two years.

In a statement T-Mobile said that a “bad actor” started stealing the data, which includes “name, billing address, email, phone number, date of birth, T-Mobile account number and information such as the number of lines on the account and plan features,” since November 25. 

T-Mobile said no social security numbers, credit card information, government ID numbers, passwords, PINs or financial information were exposed in the hack.

In a formal statement to the US SEC financial regulator, T-Mobile said it detected the breach more than a month later, on January 5, and that within a day it had fixed the problem that the hacker was exploiting. The hackers, according to T-Mobile, didn’t breach any company system, but rather abused an application programming interface, or API. 

“Our investigation is still ongoing, but the malicious activity appears to be fully contained at this time, and there is currently no evidence that the bad actor was able to breach or compromise our systems or our network,” the company wrote. “We understand that an incident like this has an impact on our customers and regret that this occurred. While we, like any other company, are unfortunately not immune to this type of criminal activity, we plan to continue to make substantial, multi-year investments in strengthening our cybersecurity program,” says T-Mobile.

The company, which is a leading mobile network operator worldwide, with110 million US customers has begun a “substantial, multi-year investment” in 2021 to improve its cyber security capabilities and protections.

While this is the first breach disclosed by T-Mobile in 2023, the mobile carrier has disclosed seven other data breaches since 2018, including one where attackers gained access to the data of roughly 3% of all its worldwide customer data.

T-Mobile:     SEC:    Reuters:      CNN:     Techcrunch:      The Verge:    Bleeping Computer:    Image: Unsplash

You Might Also Read: 

Cyber Security Issues For The Mobile Industry:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible


 

« The Advantages Of Using A VPN 
How Next Gen SIEM Addresses The Risks Of Disjointed Security Tools »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Cybercrowd

Cybercrowd

Cybercrowd is a cyber security specialist offering technical services, cyber security assessments, guidance and security thought leadership.

Keepnet Labs

Keepnet Labs

Keepnet Labs is a phishing defence platform that provides a holistic approach to people, processes and technology to reduce breaches and data loss and presents anti-phishing solutions.

Cybeats Technologies

Cybeats Technologies

Cybeats delivers an integrated security platform designed to secure and protect high-valued connected devices.

International Cybersecurity Institute (ICSI)

International Cybersecurity Institute (ICSI)

ICSI is a UK company offering specialized and accredited professional qualifications in cybersecurity for young IT graduates as well as mature professionals.

Blockchain R&D Hub

Blockchain R&D Hub

Blockchain R&D Hub's mission is to serve the needs of blockchain ecosystem as the center of excellence for technology research and development.

BluBracket

BluBracket

BluBracket is the first comprehensive security solution that makes code safe—so developers can innovate and collaborate, and security teams can sleep at night.

Cohesity

Cohesity

Cohesity radically simplifies the way businesses back up, manage, protect, and extract value from their data—in the data center, at the edge, and in the cloud.

TekSek Cyber Security

TekSek Cyber Security

Preparing you for tomorrow's security threats.

CyberNews

CyberNews

Cybernews.com is a research-based online publication that helps people navigate a safe path through their increasingly complex digital lives.

OSI Security

OSI Security

OSI Security's primary services include penetration testing, security auditing, web application security testing and risk management.

StrataCore

StrataCore

StrataCore is a single-source technology lifecycle advocate that works behind IT teams as a strategic partner to help them achieve peak enterprise outcomes.

FourthRev

FourthRev

FourthRev is an education-technology start-up with a mission to solve the skills crisis of the Fourth Industrial Revolution.

Concourse Labs

Concourse Labs

Concourse Labs Security Guardrails continuously verify cloud infrastructure and workloads. Continuously assess clouds for security, resiliency, and regulatory compliance.

Factmata

Factmata

Factmata is an social and news media monitoring and analytics product that uses AI to identify and track narratives online, highlighting those most likely to cause brand harm or misinform the public.

Mirai Security

Mirai Security

Mirai Security are a cyber security company that specializes in Governance, Risk Management and Compliance, Cloud Security and Application Security.

SoftForum

SoftForum

SoftForum is a company specializing in next-generation information security solutions in the Quantum-Resistant-Cryptography (PQC) field.