What you need to know
- T-Mobile announces that it has suffered another data breach.
- The breach occurred in November 2022, but no highly sensitive data was involved in the attack.
- In 2021, T-Mobile committed to investing in its cybersecurity program following a series of high-profile breaches.
T-Mobile seems to have the worst luck with cybersecurity, as the carrier announces another data breach affecting millions of its subscribers.
On Friday, T-Mobile said in a regulatory filing that a bad actor used an API to obtain information from its systems. The carrier was able to put a stop to it within 24 hours of detecting the unauthorized access and was able to trace the source with the help of cybersecurity experts.
"We currently believe that the bad actor first retrieved data through the impacted API starting on or around November 25, 2022," T-Mobile says in the filing. "We are continuing to diligently investigate the unauthorized activity. In addition, we have notified certain federal agencies about the incident, and we are concurrently working with law enforcement."
T-Mobile estimates that the breach affected approximately 37 million postpaid and prepaid accounts. However, the carrier says its systems were able to prevent access to more sensitive subscriber information, such as social security numbers, driver’s license/ID numbers, financial information, and PINs/passwords. As a result, the bad actor could only access a "limited set of customer account data," including name, billing address, email, phone number, date of birth, and the number of lines on an account.
"While no information was obtained for impacted customers that would compromise the safety of customer accounts or finances, we want to be transparent with our customers and ensure they are aware," T-Mobile stated in a press release. The carrier says it's currently working to inform customers affected by the breach.
T-Mobile has suffered multiple data breaches since 2018, including a major breach in 2021 and another attack in early 2022. Following the 2021 incident, T-Mobile pledged to invest more in its cybersecurity program, which included opening a Cyber Transformation Office.
