1 May 2023

T-Mobile suffers second data breach in 2023

Attackers gained access to the personal information of 836 customers.

T-Mobile has disclosed that the company suffered a second data breach this year in late February 2023, where attackers gained access to the personal information of hundreds of customers. The company stated that the breach was limited to only 836 individuals and that no personal financial account information and call records were not affected by the security breach.

The data breach notification letter sent to impacted customers, as shared by BleepingComputer, states, ‘The information obtained for each customer varied, but may have included full name, contact information, account number and associated phone numbers, T-Mobile account PIN, social security number, government ID, date of birth, balance due, internal codes that T-Mobile uses to service customer accounts (for example, rate plan and feature codes), and the number of lines.’

However, since this compromised personally identifiable information can expose customers to identity theft, T-Mobile is offering the affected customers two years of free credit monitoring and identity theft detection services provided by myTrueIdentity, from Transunion.

T-Mobile has been plagued by several data breaches in the last few years. These include:

· January 2023, when personal information of 37 million current postpaid and prepaid customer accounts was stolen when attacked stole data through a single Application Programming Interface (‘API’) without authorisation.

· December 2021, per the company, a ‘minimal number of customers’ became victims of SIM swap attacks.

· August 2021, a security breach that impacted 54 million customers.

· February 2021, hundreds of users were hit with SIM swapping attacks.