T-Mobile reports yet another data breach
T-Mobile, the telecommunications company, has once again fallen prey to a customer data breach. According to a report by Bleeping Computer published on Monday, the latest breach has affected a relatively small number of customers, just over 800 individuals.
Nonetheless, this development has raised concerns given T-Mobile's recent history of cybersecurity incidents, including a massive data breach earlier this year that impacted millions of people. These incidents have fueled questions about the company's ability to secure its customers' data and protect their privacy.
Between February 24 and March 30 of this year, T-Mobile experienced another data breach that was detected on March 27. The breach, which was caused by a hacking incident, compromised the personal information of 836 individuals, including their names and driver's license or identification card numbers.
Additionally, it is possible that the breach exposed other sensitive data, such as account PINs, Social Security numbers, dates of birth, balances due, and phone plan details. However, financial account information and call records were not affected by this incident.
T-Mobile has issued a statement confirming that its existing security measures successfully detected unauthorized access by an external party to a limited amount of customer data. According to data breach notification letters sent by the company to affected customers on April 28, 2023:
"In March 2023, the measures we have in place to alert us to unauthorized activity worked as designed and we were able to determine that a bad actor gained access to limited information from a small number of T-Mobile accounts between late February and March 2023.”
T-Mobile has stated that the threat actors responsible for the recent data breach did not manage to access customers' call records or their personal financial account information.
"We notified a small number of customers that our systems and processes worked to detect and stop a bad actor who was accessing accounts using compromised credentials," T-Mobile told CNET.
The carrier will continue investigating the breach to "expand the safeguards," it said.
T-Mobile is exploring the incident
T-Mobile has launched an investigation into the recent data breach and plans to implement additional safeguards to prevent similar incidents in the future. While the specific information exposed in the breach varied for each affected customer, it could have included a range of sensitive data, such as full names, contact information, account numbers and associated phone numbers, T-Mobile account PINs, social security numbers, government IDs, dates of birth, balances due, internal codes used to service customer accounts, and the number of lines.
In response to the breach, T-Mobile proactively reset account PINs for affected customers and is offering them two years of free credit monitoring and identity theft detection services through TransUnion myTrueIdentity.Advertisement
These breaches you wrote about seem to be confined to the US, or at least I’ve never seen them on this side of the Pond (in the Netherlands). I don’t know if they take place anywhere else in the EU though.