T-Mobile announces another data breach, impacting 37 million accounts
T-Mobile has revealed the company’s second major breach in less than two years, admitting that a hacker was able to obtain customer data, including names, birth dates, and phone numbers, from 37 million accounts. The telecom giant said in a regulatory filing on Thursday that it currently believes the attacker first retrieved data around November 25th, 2022, through one of its APIs.
T-Mobile says it detected malicious activity on January 5th and that the attacker had access to the exploited API for over a month. The company says it traced the source of the malicious activity and fixed the API exploit within a day of the detection. T-Mobile says the API used by the hacker did not allow access to data that contained any social security numbers, credit card information, government ID numbers, passwords, PINs, or financial information.
T-Mobile has begun notifying customers whose information may have been obtained
In a public press release announcing the breach, T-Mobile omitted that the breach impacted 37 million accounts and that it had gone undetected for over a month. Instead, the statement expressed the company had “shut it down within 24 hours” as soon as its teams had identified the issue. T-Mobile has started to notify customers whose information may have been obtained in the breach.
“Our investigation is still ongoing, but the malicious activity appears to be fully contained at this time,” the company said in the filing. “There is currently no evidence that the bad actor was able to breach or compromise our systems or our network.”
T-Mobile has disclosed eight hacks since 2018, with previous breaches exposing customer call records in January 2021, credit application data in August 2021, and an “unknown actor” accessing customer info and executing SIM-swapping attacks in December 2021. In April last year, the hacking group Lapsus$ stole T-Mobile’s source code after purchasing employees’ credentials online.
T-Mobile has revealed the company’s second major breach in less than two years, admitting that a hacker was able to obtain customer data, including names, birth dates, and phone numbers, from 37 million accounts. The telecom giant said in a regulatory filing on Thursday that it currently believes the attacker…
Recent Posts
- Google CEO Sundar Pichai on AI-powered search and the future of the web
- The End of ‘iPhone’
- Meta and LG’s headset partnership is on the rocks
- Android Automotive gets major update with native Max and Peacock streaming
- Your old iPhone is now worth more on Apple Trade In, but not for long – here are the new prices
Archives
- May 2024
- April 2024
- March 2024
- February 2024
- January 2024
- December 2023
- November 2023
- October 2023
- September 2023
- August 2023
- July 2023
- June 2023
- May 2023
- April 2023
- March 2023
- February 2023
- January 2023
- December 2022
- November 2022
- October 2022
- September 2022
- August 2022
- July 2022
- June 2022
- May 2022
- April 2022
- March 2022
- February 2022
- January 2022
- December 2021
- November 2021
- October 2021
- September 2021
- August 2021
- July 2021
- June 2021
- May 2021
- April 2021
- March 2021
- February 2021
- January 2021
- December 2020
- November 2020
- October 2020
- September 2020
- August 2020
- July 2020
- June 2020
- May 2020
- April 2020
- March 2020
- February 2020
- January 2020
- December 2019
- November 2019
- December 2011