T-Mobile claims threat actors acquired limited access to information from a few accounts. This is the second data leak of the year 2023. Beginning in late February 2023, hackers gained access to hundreds of consumers' personal information for over a month.
"In March 2023, the measures we have in place to alert us to unauthorized activity worked as designed, and we were able to determine that a bad actor gained access to limited information from a small number of T-Mobile accounts between late February and March 2023," the company stated in data breach notification letters sent to affected customers.
Compared to T-Mobile's previous data breaches, the most recent of which affected 37 million subscribers, sources indicate that this incident affected only 836 people.
What Details Were Included in the Data Breach?
According to T-Mobile, the exposed personally identifiable information contains more than enough information for identity theft. The threat actors, however, did not gain access to call logs or the affected individuals' personal financial account information.
The exposed information changed for each of the impacted consumers, however, it may have contained the following details;
- Full name,
- Contact information,
- Account number and
- Associated phone numbers,
- T-Mobile account PIN,
- Social security number,
- Government ID,
- Date of birth,
- Balance due.
T-Mobile uses internal codes to service customer accounts (such as rate plans and feature codes) and the number of lines.
Following the discovery of the security breach, T-Mobile proactively reset account PINs for impacted customers and is now offering two years of free credit monitoring and identity theft detection services through Transunion myTrueIdentity. "To protect your account, we proactively reset your T-Mobile Account Pin," T-Mobile stated.
Recommendations for The Affected Customers from T-Mobile:
The organization suggests that you review your account information and change your PIN to something fresh. You can do so by going to T-Mobile.com, contacting 1-800-937-8997, or dialling 611.
The organization also recommends you be vigilant by evaluating your security settings on email, financial, and other accounts, as well as checking account activity and free credit reports.
They encourage customers to use T-Mobile solutions such as Account Takeover Prevention, PINs for number transfers, two-step verification, free fraud prevention with Scam Shield, SIM protection, a security dashboard, and so on.
T-Mobile has confirmed the second incident since the start of the year. The most recent data breach was disclosed on January 19, when attackers used an insecure Application Programming Interface (API) to steal the personal information of 37 million customers in November 2022.
T-Mobile specifically characterized the stolen data in the January incident as "basic customer information," which includes "name, billing address, email, phone number, date of birth, T-Mobile account number, and information such as the number of lines on the account and plan features."
Please do not enter any spam link in the comment box.