T-Mobile has suffered a cyber attack wherein hackers managed to steal user data. 37 million customer accounts were accessed, both prepaid and postpaid, through one of the telecommunication service's Application Programming Interface.
Tens of Millions Affected
The company revealed that the hacker started stealing user data as early as November 25th, 2022. It wasn't until January 5th of 2023 that T-Mobile detected the activity and cut the hacker's access off from the API the next day.
The mobile carrier disclosed that the impacted API provided the hacker with certain data, which includes their names, billing addresses, emails, phone numbers, dates of birth, account numbers, and information regarding account lines and plans.
They clarified that the access was limited, and the threat actors did not manage to steal users' driver's licenses, government IDs, social security numbers, tax IDs, passwords, payment card information, and financial information, according to Bleeping Computer.
What They're Doing to Fix the Issue
T-Mobile immediately conducted an investigation with third-party cybersecurity experts within the day of learning about the data breach. The company claims that it managed to trace the source of the malicious activity and stopped it.
As of right now, the investigation is still ongoing, but they believe that the incident has already been contained. It was also mentioned on the US Securities and Exchange Commission website that there was no evidence that the company's systems and networks were breached.
The telecommunication company is currently informing its customers of the incident after a thorough investigation, saying that it wanted to be transparent even if the breach would not compromise customer accounts and finances.
Read Also: T-Mobile Hacker Gets 10-Year Sentence for Unlocking Phones
Questioning the Company's Security
Given that the company holds a lot of sensitive user information, it can be quite alarming that it has experienced eight data breaches in a little under five years. The first breach was around August of 2018 when the hacker managed to steal from 3% of the company's customers.
The 3% accounted for 3.9 million customers. The threat actor managed to steal customer names, billing ZIP codes, phone numbers, email addresses, account numbers, and account types. Luckily, financial data and passwords were not affected by the breach.
Back in November 2019, T-Mobile experienced another breach wherein it notified customers of the incident via SMS notification. Information regarding prepaid service accounts, names, billing addresses, phone numbers, and rate plans was stolen in the attack.
In March 2020, a hacker was able to gain access to the company's employee accounts, which in turn had access to information like social security numbers, financial information, government ID numbers, billing information, and rate plans.
In the same year in December, a data breach exposed its customers' proprietary network information, as well as phone number and call records. 200,000 customers were affected by this breach, wherein phone numbers, account line subscriptions, and other information were stolen.
There was even an incident where the company has fallen victim to a ransomware attack. The stolen data was leaked even as the company paid a ransom of $270,000. In 2022, T-mobile suffered a network breach at the hands of the Lapsus$ extortion gang.
Related: T-Mobile Breach: LAPSUS$ was Able to Access Source Code
