Through our investigation into this incident, which has been supported by world-class security experts Mandiant from the very beginning, we now know how this bad actor illegally gained entry to our servers and we have closed those access points. We are confident that there is no ongoing risk to customer data from this breach.
Since confirming this breach, we have worked around the clock to understand impact and risk to customers and others and have done our very best to be transparent about those impacts as quickly as possible. This is not a one-and-done process. There is much work to do, and this will take time, and we remain committed to doing our best to ensure those who had information exposed feel informed, supported, and protected by T-Mobile.
Over a million T-Mobile customers hit in data breach
Download: https://miimms.com/2vFd5l
As of today, we have notified just about every current T-Mobile customer or primary account holder who had data such as name and current address, social security number, or government ID number compromised. T-Mobile customers or primary account holders who we do not believe had that data impacted will now see a banner on their MyT-Mobile.com account login page letting them know. We are also now working diligently to notify former and prospective customers. Our goal is to ensure that we are providing clear information about how customers and those affected can protect themselves. So, we have published a web page where we are:
T-Mobile US Inc. is facing two proposed federal class actions alleging it was negligent in connection with a data breach announced just days ago that exposed the personal information of 37 million customers.
The company, Experian, said Thursday that it experienced a breach that nabbed customer data from September 1, 2013, to September 16, 2015. The stolen data includes names, birth dates, addresses, and Social Security and drivers' license numbers, but not credit card or payment information, Experian said.
Experian stores the data when it runs a check on customers' credit scores to determine whether they qualify for service and what promotions they're able to take advantage of. At risk from the breach is anyone who went through a credit check, whether an existing or former customer, or even an applicant who opted to switch right after the approval process.
The breach marks the latest high-profile compromising of personal data, a list that includes the US government losing the information of 4 million federal workers and health insurer Excellus BlueCross BlueShield seeing 10 million health records exposed. Last year, Home Depot and Target were among the major companies hit by hackers in what has become increasingly dangerous cyberwaters.
"This data breach is certainly a big deal," said Jonathan Bowers, a fraud and data specialist at fraud prevention provider Trustev. "Give a fraudster your comprehensive personal information, they can steal your identity and take out lines of credit that destroy your finances for years to come."
T-Mobile CEO John Legere warned his customers in a tweet, blog post and frequently asked questions page. "Obviously I'm incredibly angry about this data breach and we will institute a thorough review of our relationship with Experian, but right now my top concern and first focus is assisting any and all consumers affected," he said.
Experian, which is taking responsibility for the breach, said it's in the process of notifying customers who may be affected. Both existing and former customers would receive letters next week, according to a T-Mobile spokesman.
In an accompanying press release, T-Mobile seemingly tried to downplay the type of data that was revealed in the breach by noting that some of this type of "basic customer information" is "widely available in marketing databases or directories."
The news of the latest data breach comes as the carrier is in the final days of the settlement phase from a 2021 cyberattack that exposed the data of roughly 76.6 million people. T-Mobile agreed to a $500 million settlement in the case in July, with $350 million going to settle customer claims from a class action lawsuit and $150 million going to upgrade its data protection system.
T-Mobile has been hit by another data breach, this time impacting approximately 37 million customers. The wireless carrier said a bad actor obtained basic customer information -- such as names, account numbers, and billing addresses -- but did not access any sensitive customer information, including government ID numbers or payment card information.
According to a disclosure document T-Mobile filed with the US Securities and Exchange Commission, the company believes the bad actor first gained access to customer information around November 25, 2022. T-Mobile discovered the breach on January 5, 2023.
The hacker used a single application programming interface (API) to gain access to T-Mobile data. The company is still investigating the breach but said the malicious activity appears to be fully contained.
The breach hit postpaid and prepaid customer accounts. According to T-Mobile, no passwords, payment card information, social security numbers, government ID numbers, or other financial account information were compromised. The hacker did gain access to basic data, including customer names, billing addresses, emails, phone numbers, dates of birth, account numbers, and information such as the number of lines on the account and service plan features.
T-Mobile has been hit by a number of data breaches in recent years. The company will soon pay $350 million to settle customer claims from a class action lawsuit stemming from a data breach. The company is also in the middle of a major, multi-year cybersecurity overhaul.
"We have made substantial progress to date, and protecting our customers' data remains a top priority. We will continue to make substantial investments to strengthen our cybersecurity program," the company said in its SEC filing.
T-Mobile disclosed a new data breach after a threat actor stole the personal information of 37 million current postpaid and prepaid customer accounts through one of its Application Programming Interfaces (APIs).
The company said the API abused in this security breach did not allow the attacker to gain access to affected customers' driver's licenses or other government ID numbers, social security numbers/tax IDs, passwords/PINs, payment card information (PCI) or other financial account info.
"The preliminary result from our investigation indicates that the bad actor(s) obtained data from this API for approximately 37 million current postpaid and prepaid customer accounts, though many of these accounts did not include the full data set."
While this is the first breach disclosed by T-Mobile since the start of the year, the mobile carrier has disclosed seven other data breaches since 2018, including one where attackers gained access to the data of roughly 3% of all T-Mobile customers.
U.S. wireless carrier T-Mobile said Thursday that an unidentified malicious intruder breached its network in late November and stole data on 37 million customers, including addresses, phone numbers and dates of birth. Michael Dwyer/AP hide caption
"Our investigation is still ongoing, but the malicious activity appears to be fully contained at this time," T-Mobile said, with no evidence the intruder was able to breach the company's network. It said the data was first accessed on or around Nov. 25.
The company has been hacked multiple times in recent years. In its filing, T-Mobile said it did not expect the latest breach to have material impact on its operations. But a senior analyst for Moody's Investors Service, Neil Mack, said in a statement that the breach raises questions about management's cyber governance and could alienate customers and attract scrutiny by the Federal Communications Commission and other regulators.
In July, T-Mobile agreed to pay $350 million to customers who filed a class action lawsuit after the company disclosed in August 2021 that personal data including Social Security numbers and driver's license info had been stolen. Nearly 80 million U.S. residents were affected.
T-Mobile, based in Bellevue, Washington, became one of the country's largest cellphone service carriers in 2020 after buying rival Sprint. It reported having more than 102 million customers after the merger.
In the era when smartphones have become indispensable in so many aspects of life, data breaches can be more devastating than ever before. The recent T-Mobile attack is a perfect example of such breaches. Here is what we know about the incident:
T-Mobile has suffered repeated breaches and cybersecurity incidents over recent years. In 2020 it alerted some US customers about follow-on fraud after some of its employee email accounts containing their info were hijacked.
T-Mobile is no stranger to data breaches, with this most recent attack marking the fifth in five years. Since 2018, T-Mobile has suffered one or more data breaches each year, with 2021 bringing a particularly severe breach that exposed the data of 40 million former and prospective customers, as well as that of 7.8 million existing customers.
In August 2021, various customer data was accessed via a data breach, including passwords, driving license data, and payment card information. This led to a class action lawsuit, wherein T-Mobile agreed to pay a hefty $350 million compensation bill to customers and dedicate another $150 million to improve its security levels across two years.
As we continue to rely on technology for data storage, breaches continue to present a huge risk to organizations and individuals around the world. This is why it's important for the parties we entrust with our data to do what they can to heard off cybercrime and keep sensitive information safe.
The U.S. wireless carrier T-Mobile said Thursday that an unidentified malicious intruder breached its network in late November and stole data on 37 million customers, including addresses, phone numbers and dates of birth.
T-Mobile did not disclose how many customers were impacted. Citing a company spokesperson, Vice reports the breach impacted roughly 3 percent of its 77 million customers, which is approximately 2.3 million customers. 2ff7e9595c
Comments