In a financial filing with the U.S. Securities and Exchange Commission, T-Mobile revealed that hackers managed to access the personal data of 37 million customers. The data includes name, billing address, email, phone number, date of birth, T-Mobile account number, and other information.
The hacker didn’t get access to systems but abused an API to get access to the data. As per the details available, the hacker started accessing the said data starting November 25. The company detected the breach on January 5 and instantly fixed the bug the hacker was exploiting.
“Rather, the impacted API is only able to provide a limited set of customer account data, including name, billing address, email, phone number, date of birth, T-Mobile account number, and information such as the number of lines on the account and plan features,” T-Mobile said.
The company claims that no payment card data, passwords, Social Security numbers, driver’s licenses, or other government ID numbers were exposed in the breach. It will also soon notify affected customers.
The company claims that only “basic customer information” was stolen in this breach. It had also reported the incident to U.S. federal agencies and is now working with law enforcement for further investigation.
Either T-Mobile is one of the primary targets of hackers or the company needs to invest in security infrastructure. This is the eighth T-Mobile data breach since 2018. Back in April 2022, the company also became a target of the Lapsus$ extortion gang that breached its network using stolen credentials.
Data stolen in this breach may be used for social engineering attacks, phishing attacks, and identity theft. So, take extra precautions if you are a T-Mobile customer.
Related Posts
