T-Mobile Hacker Exposes 37m Customers' Personal Data

Uploaded on 2023-01-21 in TECHNOLOGY--Hackers, FREE TO VIEW, BUSINESS-Services-IT & Telecoms

T-Mobile has revealed yet another large scale data breach when, over a month ago, a hacker accessed a mass of personal data belonging to 37 million US customers. This is the company’s second major cyber breach in less than two years.

In a statement T-Mobile said that a “bad actor” started stealing the data, which includes “name, billing address, email, phone number, date of birth, T-Mobile account number and information such as the number of lines on the account and plan features,” since November 25. 

T-Mobile said no social security numbers, credit card information, government ID numbers, passwords, PINs or financial information were exposed in the hack.

In a formal statement to the US SEC financial regulator, T-Mobile said it detected the breach more than a month later, on January 5, and that within a day it had fixed the problem that the hacker was exploiting. The hackers, according to T-Mobile, didn’t breach any company system, but rather abused an application programming interface, or API. 

“Our investigation is still ongoing, but the malicious activity appears to be fully contained at this time, and there is currently no evidence that the bad actor was able to breach or compromise our systems or our network,” the company wrote. “We understand that an incident like this has an impact on our customers and regret that this occurred. While we, like any other company, are unfortunately not immune to this type of criminal activity, we plan to continue to make substantial, multi-year investments in strengthening our cybersecurity program,” says T-Mobile.

The company, which is a leading mobile network operator worldwide, with110 million US customers has begun a “substantial, multi-year investment” in 2021 to improve its cyber security capabilities and protections.

While this is the first breach disclosed by T-Mobile in 2023, the mobile carrier has disclosed seven other data breaches since 2018, including one where attackers gained access to the data of roughly 3% of all its worldwide customer data.

T-Mobile:     SEC:    Reuters:      CNN:     Techcrunch:      The Verge:    Bleeping Computer:    Image: Unsplash

You Might Also Read: 

Cyber Security Issues For The Mobile Industry:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« The Advantages Of Using A VPN 
How Next Gen SIEM Addresses The Risks Of Disjointed Security Tools »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Globalscape

Globalscape

Globalscape is a leader in secure data exchange solutions.

Vaddy

Vaddy

Vaddy provide an automatic web vulnerability scanner for DevOps that performs robust security checks to ensure that web app code is secure.

Vade Secure

Vade Secure

Vade Secure provides protection against the most sophisticated email scams such as phishing and spear phishing, malware and ransomware.

Cyber Future Foundation (CFF)

Cyber Future Foundation (CFF)

CFF was established to create a cyberspace where digital commerce and innovation can thrive based on trust and respect to individual privacy.

CyberSift

CyberSift

CyberSift is a cyber security provider. We develop threat detection software which needs no infrastructure changes as it integrates with almost any security tool.

Puleng Technologies

Puleng Technologies

Puleng provides customers with a client-centric strategy to manage and secure the two most valuable assets an organisation has - its Data and Users.

Exeon Analytics

Exeon Analytics

Exeon Analytics is a Swiss cyber security company that is specialized in detecting hidden data breaches and advanced cyber attacks.

HUB Security

HUB Security

Hub Security provide Ultra Secure, Military Grade HSM (Hardware Security Module) Solutions for Blockchain and Digital Assets.

Intel Capital

Intel Capital

Intel Capital, Intel's strategic investment organization, backs innovative technology startups and companies worldwide. We invest in a broad range of hardware, software, and services.

NDK InfoSec

NDK InfoSec

NDK InfoSec is a specialist Information Security and Cyber Security search firm. We're not just a security function in a larger generalist recruitment company.

NJVC

NJVC

NJVC delivers IT automation, optimization and security to empower mission-enabling IT for customers with secure requirements.

CyberLab

CyberLab

CyberLab (formerly Chess) is a specialist cyber security company that provides a wide range of security solutions and services.

Custard Technical Services

Custard Technical Services

Custard provide Network Security for all types of businesses across many industries, helping to keep them safe and secure.

Anonos

Anonos

Anonos is a global software company that provides the only technology capable of protecting data in use with 100% accuracy, even in untrusted environments.

Multipoint Group

Multipoint Group

Multipoint is an information security and protection solutions company operating in the South EMEA region through value-added distribution channels.

DigitalXForce

DigitalXForce

DigitalXForce is the Digital Trust Platform for the New Era – SaaS based solution that provides Automated, Continuous, Real Time Security & Privacy Risk Management.