Jump to content
  • T-Mobile announces another data breach, impacting 37 million accounts


    Karlston

    • 440 views
    • 2 minutes
     Share


    • 440 views
    • 2 minutes

    The attacker obtained customer names, billing addresses, emails, phone numbers, and birth dates through an internal API.

    T-Mobile has revealed the company’s second major breach in less than two years, admitting that a hacker was able to obtain customer data, including names, birth dates, and phone numbers, from 37 million accounts. The telecom giant said in a regulatory filing on Thursday that it currently believes the attacker first retrieved data around November 25th, 2022, through one of its APIs.

     

    T-Mobile says it detected malicious activity on January 5th and that the attacker had access to the exploited API for over a month. The company says it traced the source of the malicious activity and fixed the API exploit within a day of the detection. T-Mobile says the API used by the hacker did not allow access to data that contained any social security numbers, credit card information, government ID numbers, passwords, PINs, or financial information.

     

    In a public press release announcing the breach, T-Mobile omitted that the breach impacted 37 million accounts and that it had gone undetected for over a month. Instead, the statement expressed the company had “shut it down within 24 hours” as soon as its teams had identified the issue. T-Mobile has started to notify customers whose information may have been obtained in the breach.

     

    “Our investigation is still ongoing, but the malicious activity appears to be fully contained at this time,” the company said in the filing. “There is currently no evidence that the bad actor was able to breach or compromise our systems or our network.”

     

    T-Mobile has disclosed eight hacks since 2018, with previous breaches exposing customer call records in January 2021, credit application data in August 2021, and an “unknown actor” accessing customer info and executing SIM-swapping attacks in December 2021. In April last year, the hacking group Lapsus$ stole T-Mobile’s source code after purchasing employees’ credentials online.

     

     

    T-Mobile announces another data breach, impacting 37 million accounts


    User Feedback

    Recommended Comments

    There are no comments to display.



    Join the conversation

    You can post now and register later. If you have an account, sign in now to post with your account.
    Note: Your post will require moderator approval before it will be visible.

    Guest
    Add a comment...

    ×   Pasted as rich text.   Paste as plain text instead

      Only 75 emoji are allowed.

    ×   Your link has been automatically embedded.   Display as a link instead

    ×   Your previous content has been restored.   Clear editor

    ×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...