T-Mobile Breach Now Affects 54.6 Million Individuals

Around six million more current and former T-Mobile customers were affected by a recently disclosed data breach, the US carrier has revealed.

The firm said it was confident it had now closed off access and egress points for the attack but admitted that the breach impacted many more individuals than at first thought.

It said 5.3 million more post-paid customers accounts were compromised, exposing names, addresses, date of births, phone numbers, IMEIs and IMSIs. That’s on top of the 7.8 million already breached.

T-Mobile said it had now also determined that phone numbers and IMEI and IMSI information were compromised for these 7.8 million individuals. That puts them at greater risk of SIM swapping fraud.

In addition, an extra 667,000 accounts of former T- Mobile customers have been accessed, compromising customer names, phone numbers, addresses and dates of birth, the carrier said.

This is on top of the 40 million former and prospective customers who had applied for credit and whose details were subsequently stolen by attackers.

Finally, up to 52,000 names related to current Metro by T-Mobile accounts may have been included in the hackers’ haul. However, no other personally identifiable information (PII) was taken from these individuals.

With the additional disclosures, the total figure for the breach now stands at 54.6 million current, former and prospective customers, up from 49 million.

Martin Riley, director of managed security services at Bridewell Consulting, said it was extremely concerning that T-Mobile was only made aware of the original incident after a threat actor started selling stolen customer data online.

“The problem is that working out what has been taken, and when, can be very challenging for many organizations which is why the average breach detection and containment time is still so long,” he added.

“Enterprises need to shift from a security monitoring and notification approach to one focused on threat detection and response. T-Mobile has been subject to numerous attacks in the past few years and needs to act competently and confidently to minimize reputational damage or a decline in public confidence.”

What’s Hot on Infosecurity Magazine?