T-Mobile Suffers Second Data Breach of 2023

• T-Mobile has disclosed its second data breach of the year 2023, with unauthorized access to personal information of hundreds of its customers detected between late February and March 2023. The exposed information includes full names, contact information, account numbers, phone numbers, T-Mobile account PINs, social security numbers, government IDs, and more.
• This is part of a larger pattern, as T-Mobile has reported a total of seven breaches since 2018, including a significant one in January 2023 affecting 37 million customers. The company has taken steps to mitigate the impact by resetting affected customers’ PINs and offering free credit monitoring and identity theft detection services. However, the recurring incidents highlight the need for enhanced security measures to protect customer data.

T-Mobile has disclosed the second data breach of the year 2023, marking a concerning trend in the company’s security. The company detected unauthorized access to the personal information of hundreds of its customers over a period of more than a month, beginning in late February 2023. This follows a similar incident that occurred earlier in the year, as well as several others in recent years​.

Despite the comparatively small number of customers affected in this latest breach (836, as compared to the 37 million impacted by a previous breach), the extent of the exposed information is extensive and raises serious concerns about identity theft and phishing attacks. T-Mobile emphasized that call records or personal financial account information were not accessed, but the breach did result in the exposure of personally identifiable information (PII) such as full names, contact information, account numbers, phone numbers, T-Mobile account PINs, social security numbers, government IDs, dates of birth, balance due, internal codes used by T-Mobile for customer service, and the number of lines associated with each account​.

T-Mobile has taken immediate action to protect its customers. Upon detecting the security breach, the company proactively reset the account PINs of the affected customers. In addition, T-Mobile is offering two years of free credit monitoring and identity theft detection services through Transunion’s myTrueIdentity program​.

This is the second data breach that T-Mobile has disclosed since the start of 2023. The previous incident was reported on January 19, when attackers stole the personal information of 37 million customers by exploiting a vulnerable Application Programming Interface (API) in November 2022. T-Mobile identified the malicious activity on January 5 and severed the attackers’ access to its systems within 24 hours. The data stolen during the January breach was described as “basic customer information” including names, billing addresses, emails, phone numbers, dates of birth, T-Mobile account numbers, and details such as the number of lines on the account and plan features​.

This pattern of data breaches is not new for T-Mobile. Since 2018, the company has reported seven other data breaches, including one that exposed the information of roughly 3% of all T-Mobile customers. This history of breaches points to a need for enhanced security measures to protect the sensitive information of T-Mobile customers​.

T-Mobile has not yet provided additional details regarding the most recent data breach. However, the ongoing nature of these incidents underscores the urgent need for increased security measures and vigilance within the company. As T-Mobile continues to respond to these breaches, customers are advised to stay vigilant, monitor their accounts for suspicious activity, and take advantage of the credit monitoring and identity theft detection services offered.

Source(s)
Bleepingcomputer.com