T-Mobile Falls Prey to Data Breach Again

By Greg Tavarez January 20, 2023

T-Mobile is one of the major carriers striving to better connect everyone, whether by teaming up with Cisco to ramp up 5G performance or by connecting Delta Air Lines SkyMiles Members.

Being one of the major carriers also means that a bigger target is placed on the Un-carrier's back for cyberattacks; the 2021 cyberattack that affected around 76.6 million people is one example.

Well, T-Mobile has found itself the victim of another data breach, its eighth since 2018, after a threat actor stole personal information of 37 million current postpaid and prepaid customer accounts through one of its APIs.

The company did not say how the API was exploited, but said that the bad actor in the attack stole data using the API around November 25, 2022. T-Mobile detected the malicious activity on January 5 of this year, and the attacker’s access to the API was cut off a day later.

Luckily, the abused API did not allow the attacker to access affected customers' driver's licenses or other government ID numbers, Social Security numbers, passwords, PINs or payment card information.

Obviously, no data breach is good. If there is a silver lining in this for customers, it is that the API only provides more basic information, as T-Mobile called it, such as the customer’s name, billing address, phone number, account number and the number of lines and features. This could simply be T-Mobile downplaying the situation to avoid panic among its customers.

The incident was reported to U.S. federal agencies, and T-Mobile is working with law enforcement to investigate the breach. The carrier is also notifying customers who might be impacted by the breach.

Eight breaches since 2018 is a lot, especially for a company that should have enough resources to better protect itself and its customers. But T-Mobile keeps finding itself in this cycle.

From attackers accessing an internal T-Mobile application without authorization, to a brute-force attack and paying attackers $270,000 in 2021, to the Lapsus$ extortion gang breaching its network using stolen credentials in 2022, to now, not much progress is being made by T-Mobile on the cybersecurity side. At least that’s what it looks like from the view of a consumer.

Sure, this only affects a percentage of T-Mobile customers, but T-Mobile still needs to do something to reassure every one of its customers, and even potential future customers, that their data and private information are secured.

Edited by Alex Passett