T-Mobile is informing customers of a data breach that saw a “bad actor” obtain “limited types of information” from user accounts. T-Mobile says that it shut down this bad actor’s access to the data within 24 hours, and that system fallbacks in place “prevented the most sensitive types of customer information from being accessed.”
T-Mobile announces another data breach
T-Mobile announced this security breach in an article on its website today. This marks the latest in a string of data breaches that have impacted the company. The biggest of those data breaches occurred in August of 2021 and impacted over 50 million people. In that data breach, personal data, including social security numbers, was accessed by the hacker.
We are currently in the process of informing impacted customers that after a thorough investigation we have determined that a bad actor used a single Application Programming Interface (or API) to obtain limited types of information on their accounts.
As soon as our teams identified the issue, we shut it down within 24 hours. Our systems and policies prevented the most sensitive types of customer information from being accessed, and as a result, customer accounts and finances should not be put at risk directly by this event. There is also no evidence that the bad actor breached or compromised T-Mobile’s network or systems.
Thankfully, at least as of right now, the data breach announced today didn’t include that type of sensitive customer data. The company says that “no information was obtained for impacted customers that would compromise the safety of customer accounts or finances.”
Instead, the “bad actor” obtained some “basic customer information” that it says is already widely available elsewhere:
No passwords, payment card information, social security numbers, government ID numbers or other financial account information were compromised. Some basic customer information (nearly all of which is the type widely available in marketing databases or directories) was obtained, including name, billing address, email, phone number, date of birth, account number, and information such as the number of lines on the account and service plan features.
T-Mobile’s post on its website doesn’t reveal how many customers were impacted by this data breach. In a filing with the US Securities and Exchange Commission, however, the company says that the breach exposed the customer information of 37 million accounts.
This data breach ultimately doesn’t seem nearly as bad as other breaches that have impacted T-Mobile. Nonetheless, it’s not reassuring that the company continues to face these types of security concerns.
- T-Mobile breached by cybercrime group LAPSUS$ through compromised employee accounts
- T-Mobile hack confirmed, carrier says 47.8M records taken
- T-Mobile discloses data breach affecting over 1 million subscribers
The post T-Mobile admits to another security breach impacting 37 million accounts first appeared on 9to5mac.com