T-Mobile has once again suffered a data breach that exposed the personal information of 37 million of its customers. At this point, if you're a T-Mobile customer, you're really not surprised, as data breaches seem like such a common occurrence with the wireless carrier. The last major data breach it suffered was just a couple of years ago in 2021.
While the data of 37 million customers was exposed this go around, the previous data breach was much worse, compromising over 40 million customers. In addition, the 2021 breach was more serious as it exposed customer names, date of births, social security numbers, ID numbers, and more. In fact, the incident is so fresh, the company still has settlement page open that is meant to compensate those that were affected by the attack.
Although the company did announce the breach on its own webpage, it did not go into many details. Those curious about the breach needed to instead go to the SEC filing to find out the extent of the damage. T-Mobile states that it experienced a breach "starting on or around November 25, 2022" and that it is in the process of notifying those that were affected. As for what happened, the company determined that "a bad actor used a single Application Programming Interface (or API) to obtain limited types of information on their accounts." It further states that it removed the issue within 24 hours of discovering it. As far as what kind of information was leaked this time around, T-Mobile states:
No passwords, payment card information, social security numbers, government ID numbers or other financial account information were compromised. Some basic customer information (nearly all of which is the type widely available in marketing databases or directories) was obtained, including name, billing address, email, phone number, date of birth, account number, and information such as the number of lines on the account and service plan features.
Per usual, the company states that it will strengthen and improve its security. The question is, when will T-Mobile start taking this more seriously?
Source: T-Mobile, US Securities and Exchange Commission
Via: CNN