T-Mobile Reveals Second Breach of the Year

Written by

T-Mobile USA has begun notifying customers impacted by yet another breach at the firm, which may have resulted in a significant volume of compromised personal and account data.

The telco giant said in a breach notification letter that its own systems flagged the unauthorized intrusion in March. A malicious actor had access to hundreds of customer accounts between late February and March 2023.

Although no financial information or call record data was taken, those affected will need to pay careful attention to follow-on fraud attempts.

“The information obtained for each customer varied, but may have included full name, contact information, account number and associated phone numbers, T-Mobile account PIN, social security number, government ID, date of birth, balance due, internal codes that T-Mobile uses to service customer accounts (for example, rate plan and feature codes), and the number of lines,” the letter explained.

Read more on T-Mobile security threats: T-Mobile: 49 Million Customers Hit by Data Breach.

T-Mobile said it has already reset impacted customers’ T-Mobile account PIN and is offering two years of free credit monitoring and identity theft detection services.

“We also urge you to remain vigilant by monitoring account activity and free credit reports, and reviewing your security choices on your email, financial and other accounts,” T-Mobile warned.

“We encourage customers to use features that T-Mobile offers, including Account Takeover Protection, number transfer PINs, two-step verification, free scam protection with Scam Shield, SIM Protection, a security dashboard and more.”

The news, which affected a little over 800 customers, comes just a few months after the carrier revealed a huge breach impacting around 37 million consumers.

That incident, which came about after threat actors targeted an exposed API, was not discovered for around a month and a half.

The US carrier has suffered multiple breaches over the years, including one revealed in August 2021 that impacted nearly 49 million customers.

Editorial image credit: Sulastri Sulastri / Shutterstock.com

What’s hot on Infosecurity Magazine?