Breach, Incident Response

T-Mobile promises better security after year’s second breach

T-Mobile breach impacts hundreds

T-Mobile apologized to customers affected by its second data breach this year and says it is continuing to work on enhancements to its information security systems.

The latest breach involved the theft of personal details, account information and PIN numbers belonging to 836 customers between February 24 and March 30.

The volume of data stolen in the latest incident is small compared to a breach revealed in January where hackers exploited a third-party vendor’s application programming interface to access 37 million T-Mobile accounts. But it is a further blow to the reputation of the U.S.’s second-largest wireless carrier which has notched up nine data breaches since 2018.

It is also symptomatic of a surge in attacks on telecom companies over the past few months.

T-Mobile’s latest breach was discovered on March 27 and reported to the Office of the Maine Attorney General, Aaron Frey. In a letter to affected customers, T-Mobile said the information obtained by the hackers may have included customers’ names, contact information, social security numbers, government ID details, and dates of birth, along with their T-Mobile account, PIN and phone numbers.

No personal financial account information or call records were stolen.

While it didn’t reveal details of the hack, T-Mobile told affected customers: “the measures we have in place to alert us to unauthorized activity worked as designed and we were able to determine that a bad actor gained access to limited information from a small number of T-Mobile accounts”.

“While we have a number of safeguards in place to prevent unauthorized access such as this from happening, we recognize that we must continue to make improvements to stay ahead of bad actors,” the company said in its letter.

“We take these issues seriously. We apologize that this happened and are furthering efforts to enhance security of your information.”

The larger T-Mobile breach revealed in January prompted a warning from researchers that poorly protected APIs were becoming a major risk to data security.

In a February report, Cyble Research and Intelligence Labs said the January attack led to targeted SIM swapping attacks on Google Fi, which uses T-Mobile as its primary service provider.

That attack occurred just months after T-Mobile reached a $2.43 million settlement with 40 U.S. state attorneys general over a 2015 breach of an Experian network where T-Mobile, an Experian client, stored customer information.

In 2021, the personal information of 77 million T-Mobile customers was compromised through brute-force attacks on the carrier.

Simon Hendery

Simon Hendery is a freelance IT consultant specializing in security, compliance, and enterprise workflows. With a background in technology journalism and marketing, he is a passionate storyteller who loves researching and sharing the latest industry developments.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.