Edgar Cervantes / Android Authority
TL;DR
- T-Mobile has disclosed a breach of 37 million accounts.
- Details that came to light in this incident include names, addresses, phone numbers and more.
- The carrier claimed that financial information, social security numbers and government IDs had not been made public.
T-Mobile has had several data breaches since 2018, with the most recent incidents occurring in 2022 and 2021. Now the US carrier has confirmed that it has suffered another data breach, affecting 37 million prepaid and postpaid accounts.
T-Mobile confirmed the breach in a press release and SEC filing (h/t: TechCrunch), noting that the breach first occurred on November 25 and was then discovered on January 5. The attacker stole the data by using an API “without permission”.
The carrier claimed that customer data such as payment information, Social Security numbers, government identification numbers, passwords/PINs and other financial details had not been made public.
However, T-Mobile confirmed that the exposed data includes names, billing addresses, email addresses, phone numbers, dates of birth, T-Mobile account numbers and subscription details (e.g. number of lines, subscription characteristics).
Nevertheless, this latest breach comes nearly a year after the company’s source code was reportedly stolen by the cybercriminal group Lapsus. It also comes after a major breach in 2021 that affected more than 47 million accounts. The 2021 incident revealed details such as social security numbers, driver’s licenses, phone numbers and physical addresses.