T-Mobile Suffers Another Breach as Staff Emails Targeted

T-Mobile customers in the US are on alert for phishing attacks once again after the company warned that some account information has been compromised.

In a note published on Wednesday, the carrier claimed that it recently “identified and quickly shut down” a “sophisticated” attack targeting its email vendor.

“Our cybersecurity team recently identified and shut down a malicious attack against our email vendor that led to unauthorized access to certain T-Mobile employee email accounts, some of which contained account information for T-Mobile customers and employees,” it explained.

“An investigation was immediately commenced, with assistance from leading cybersecurity forensics experts, to determine what happened and what information was affected. We immediately reported this matter to federal law enforcement and are actively cooperating in their investigation.”

Although financial information and Social Security numbers are not affected, the stolen data may have included customer names, addresses, phone numbers, account numbers, rate plans, and billing information.

The firm said it’s still in the process of notifying customers and, in the meantime, urged them to reset their account PINs.

Peter Goldstein, CTO of Valimail, argued that compromised customers may be targeted by scammers.

“With access to a plethora of personal data on past and current customers and employees, hackers can potentially trade this data for profit in dark web marketplaces, or use it to commit account takeover, identity theft, or other scams,” he said.

“In fact, phishing campaigns often follow hot on the heels of breaches like this. Leveraging the compromised data, the malicious actor could target customers with extremely convincing phishing emails that appear to come from the breached company in order to harvest more sensitive information from them.”

This is by no means the first incident of its kind the carrier has suffered. The personal details of an estimated two million customers were illegally accessed in 2018, and a similar incident happened a year later to some prepaid customers.

Registration is now open! Join the Infosecurity Magazine Online Summit. Download the full agenda & find out more #IMOS20 https://bit.ly/2IigL69

What’s Hot on Infosecurity Magazine?