T-Mobile Discloses Second Data Breach of 2023 Affecting Hundreds of Customers
Hackers Target T-Mobile Again: Second Data Breach in 2023
T-Mobile, one of the largest mobile carriers in the United States, recently disclosed its second data breach of 2023. According to the company, hackers gained access to the personal information of 836 customers for more than a month, starting in late February. Although this is a relatively small number of customers compared to previous data breaches reported by T-Mobile, the amount of exposed information is highly extensive and could lead to identity theft and phishing attacks.
The exposed personally identifiable information included customers’ full names, contact information, account numbers, associated phone numbers, T-Mobile account PINs, social security numbers, government IDs, dates of birth, balance due, internal codes that T-Mobile uses to service customer accounts, and the number of lines. While the threat actors did not gain access to call records or customers’ personal financial account information, the exposed data is more than enough for identity theft.
T-Mobile reset account PINs for impacted customers and is offering two years of free credit monitoring and identity theft detection services through Transunion myTrueIdentity. The company is taking measures to address the breach and ensure that such incidents do not occur in the future.
See Also: So you want to be a hacker?
Offensive Security, Bug Bounty Courses
This is the second such incident T-Mobile has revealed since the start of the year. The previous data breach, which impacted 37 million people, was disclosed on January 19 after attackers stole customers’ personal information by abusing a vulnerable Application Programming Interface (API) in November 2022.
Trending: Offensive Security Tool: Go365
T-Mobile’s History of Data Breaches
T-Mobile has a history of data breaches, including one that exposed the information of roughly 3% of all T-Mobile customers in 2018.
- In 2019, the account information of an undisclosed number of prepaid customers was exposed.
- In March 2020, T-Mobile employees were affected by a data breach exposing their personal and financial information.
- In December 2020, threat actors accessed customer proprietary network information (phone numbers, call records).
- In February 2021, an internal T-Mobile application was accessed by unknown attackers without authorization.
- In August 2021, hackers brute-forced their way through the carrier’s network following a breach of a T-Mobile testing environment.
- Finally, in April 2022, the Lapsus$ extortion gang breached T-Mobile’s network using stolen credentials.
Are u a security researcher? Or a company that writes articles or write ups about Cyber Security, Offensive Security (related to information security in general) that match with our specific audience and is worth sharing?
If you want to express your idea in an article contact us here for a quote: [email protected]
Source: bleepingcomputer.com
Recent News
North Korean APT Kimsuky Deploys New Gomir Linux Backdoor in Targeted Attacks
FBI Shuts Down Infamous BreachForums in International Cybercrime Crackdown
D-Link’s DIR-X4860 Vulnerable to Remote Command Execution with Zero-Day Exploit and Released PoC
Apple: Security Patch Rollout Shields Older iPhones from Zero-Day Attacks
Offensive Security & Ethical Hacking Course
Begin the learning curve of hacking now!
Information Security Solutions
Find out how Pentesting Services can help you.
