From The Blog

Tuesday, 02 May 2023 09:26

T-Mobile’s History of Data Breaches Comes up as the Second Breach of 2023 is Announced

Written by

Reading time is around minutes.

T-Mobile has disclosed their second breach of 2023. According to the mobile provider a threat actor gained access to their systems in February and was not detected until March. This allowed the attacker access to a small amount of customer data, 836 records. T-Mobile is stating that the data did not contain financial information, but it did contain enough Personally Identifying Information (PII) that the affected customers are exposed to identity theft.

According to the notification letters, the data accessed could include full name, contact information, account number and associated phone numbers, T-Mobile account PIN, social security number, government ID, date of birth, balance due, internal codes that T-Mobile uses to service customer accounts (for example, rate plan and feature codes), and the number of lines. As a precaution T-Mobile has reset the account PIN for all customers affected by this latest breach.

Although this breach affected a small number of T-Mobile customers it does call their security methods into account given their history of data breaches. T-Mobile states that their detection systems “worked as designed” but cannot account for the dwell time of the attacker. If the attacker gained access in late February and their systems alerted them in late March, that is a big time difference to account for. Begging the question; has T-Mobile put the proper safeguards in place to protect their client data?

In January of 2023 (January 19th) T-Mobile disclosed that an API had been abused by threat actors which led to the disclosure of 37 million customer records. This attack began in November of 20022. The attack was not spotted until January 9th. I will give credit to T-Mobile for their response once they detected the abused API, they were able to boot the attackers out in less than 24 hours. Still the damage was done, 37 million customers’ basic customer information had been stollen from them.

This latest breach marks the 7th breach reported by the mobile provider since 2018, including one by the Lapsus$ group in April of 2022. Perhaps T-Mobile needs to take a look at their internal systems with an eye towards early detection and response.

Read 881 times

Leave a comment

Make sure you enter all the required information, indicated by an asterisk (*). HTML code is not allowed.