T-Mobile Hacker Exposes 37m Customers' Personal Data

Uploaded on 2023-01-21 in TECHNOLOGY--Hackers, FREE TO VIEW, BUSINESS-Services-IT & Telecoms

T-Mobile has revealed yet another large scale data breach when, over a month ago, a hacker accessed a mass of personal data belonging to 37 million US customers. This is the company’s second major cyber breach in less than two years.

In a statement T-Mobile said that a “bad actor” started stealing the data, which includes “name, billing address, email, phone number, date of birth, T-Mobile account number and information such as the number of lines on the account and plan features,” since November 25. 

T-Mobile said no social security numbers, credit card information, government ID numbers, passwords, PINs or financial information were exposed in the hack.

In a formal statement to the US SEC financial regulator, T-Mobile said it detected the breach more than a month later, on January 5, and that within a day it had fixed the problem that the hacker was exploiting. The hackers, according to T-Mobile, didn’t breach any company system, but rather abused an application programming interface, or API. 

“Our investigation is still ongoing, but the malicious activity appears to be fully contained at this time, and there is currently no evidence that the bad actor was able to breach or compromise our systems or our network,” the company wrote. “We understand that an incident like this has an impact on our customers and regret that this occurred. While we, like any other company, are unfortunately not immune to this type of criminal activity, we plan to continue to make substantial, multi-year investments in strengthening our cybersecurity program,” says T-Mobile.

The company, which is a leading mobile network operator worldwide, with110 million US customers has begun a “substantial, multi-year investment” in 2021 to improve its cyber security capabilities and protections.

While this is the first breach disclosed by T-Mobile in 2023, the mobile carrier has disclosed seven other data breaches since 2018, including one where attackers gained access to the data of roughly 3% of all its worldwide customer data.

T-Mobile:     SEC:    Reuters:      CNN:     Techcrunch:      The Verge:    Bleeping Computer:    Image: Unsplash

You Might Also Read: 

Cyber Security Issues For The Mobile Industry:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« The Advantages Of Using A VPN 
How Next Gen SIEM Addresses The Risks Of Disjointed Security Tools »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Malta Information Technology Agency (MITA)

Malta Information Technology Agency (MITA)

MITA is the central driver of Government Information and Communications Technology (ICT) policy, programmes and initiatives in Malta.

IT2Trust

IT2Trust

IT2Trust is one of Scandinavia’s leading value-added distributors of business-critical IT solutions within IT security and networking.

ETAS

ETAS

ETAS (formerly Escrypt) is a pioneer and one of today’s leading solution providers for embedded IT security.

Open Information Security Foundation (OISF)

Open Information Security Foundation (OISF)

OISF is a non-profit organization led by world-class security experts, programmers, and others dedicated to open source security technologies.

Waratek

Waratek

Waratek is a pioneer in the next generation of application security solutions known as Runtime Application Self-Protection or RASP.

Rocheston

Rocheston

Rocheston is an innovation company with cutting-edge research and development in emerging technologies such as Cybersecurity, Internet of Things, Big Data and automation.

Blackbird.AI

Blackbird.AI

Blackbird.AI provides an intelligence and early-warning system to help users detect disinformation and take action against threats.

Next Peak

Next Peak

Next Peak provides cyber advisory and operational services based on deep business and national security experience, thought leadership, and a network of front-line defenders.

Safe Systems

Safe Systems

Safe Systems provide compliance centric IT services for community banks and credit unions, ensuring that they are kept up to date on current technologies, security risks, and regulatory changes.

LimaCharlie

LimaCharlie

LimaCharlie gives security teams full control over how they manage their security infrastructure. Get full visibility, build what you want, control your data, get the security capabilities you need.

Prescient Solutions

Prescient Solutions

Prescient Solutions is a managed services provider, using a cloud-based model to provide IT solutions to small, mid-sized, global organizations and government entities.

Oivan

Oivan

Oivan harnesses the strengths of the web, mobile, cloud, cybersecurity, and blockchain technologies to help our clients to launch transformative digital services.

Cerby

Cerby

Your team uses unmanageable applications that put you, your company, and your data at risk. Protect, secure, and accelerate your business automatically with Cerby.

Securonix

Securonix

Securonix delivers a next generation security analytics and operations management platform for the modern era of big data and advanced cyber threats.

Hook Security

Hook Security

Setting a new standard in security awareness. Hook Security is a people-first company that uses psychological security training to help companies create security-aware culture.

Saidot

Saidot

Saidot is a Finnish AI governance and alignment company committed to helping businesses safely and transparently integrate AI into their operations.