What you need to know
- T-Mobile has announced that it has suffered another data breach.
- The breach occurred in November 2022, but no sensitive data was involved in the attack.
- In 2021, T-Mobile pledged to invest in its cybersecurity program following a series of high-profile breaches.
T-Mobile appears to have had the worst luck with cybersecurity as it announced another data breach affecting millions of subscribers.
On Friday, T-Mobile said in a regulatory filing that malicious individuals used APIs to obtain information from the company’s systems. The operator was able to stop the unauthorized access within 24 hours of detecting it and was able to trace the source with the help of cybersecurity experts.
“We currently believe that malicious individuals first obtained data through the affected API around November 25, 2022,” T-Mobile said in its filing. “We continue to diligently investigate unauthorized activity. Additionally, we have notified certain federal agencies of the incident and are cooperating with law enforcement at the same time.”
T-Mobile estimates that the breach impacted approximately 37 million postpaid and prepaid accounts. However, the carrier said its system was able to prevent access to more sensitive subscriber information such as social security numbers, driver’s license/ID numbers, financial information and PINs/passwords. That’s it. As a result, malicious actors could only access a “limited set of customer account data,” including names, billing addresses, emails, phone numbers, dates of birth, and the number of lines on the account.
T-Mobile said in a press release: (opens in new tab)The carrier says it is now working to notify customers affected by the breach.
Since 2018, T-Mobile has suffered multiple data breaches, including a major breach in 2021 and another attack in early 2022. After the 2021 incident, T-Mobile has pledged to increase investments in its cybersecurity program, including opening a cyber transformation office.
