T-Mobile USA has started alerting customers whose personal information and account data may have been exposed as a consequence of yet another security breach at the company. This latest incident may have led to a considerable amount of stolen information.
In a statement notifying customers of a breach, the multinational telecommunications company said that its own systems had detected an unwanted access in March. Between the end of February and the beginning of March 2023, a malicious actor had access to the accounts of hundreds of customers.
Despite the fact that no financial information or call record data was stolen, those who were affected will still need to keep a vigilant eye out for additional attempts at fraud. According to a statement that was posted on the website of Aaron Frey, the Attorney General of Maine, 836 consumers were impacted by the incursion, which began on February 24 and continued until March 30.
T-Mobile wrote in a letter that was sent to customers whose information was compromised, “The information obtained for each customer was unique but may have included full name, contact information, account number and associated phone numbers, T-Mobile account PIN, social security number, government ID, date of birth, balance due, internal codes that T-Mobile uses to service customer accounts (for example, rate plan and feature codes), and the number of lines.” T-Mobile users’ Personal Identification Numbers (PINs), which are used to exchange SIM cards and enable other significant changes to their accounts, were reset on March 27 when the company identified the security issue.
This is the second data breach that has occurred at T-Mobile so far in this year. T-Mobile reported seven further attacks spanning the years 2018 to 2022. The most recent of these incidents, which was reported in April 2022, involved a hacker group that goes by the name of Lapsus$ gaining access to the company’s internal tools and, from there, carrying out so-called SIM swaps. SIM swaps are a type of hack that permits unauthorized people to port someone else’s phone number to the phone of the threat actor. T-Mobile has informed consumers that their T-Mobile account PINs have already been reset, and the company has also announced that it would provide two years of free credit monitoring and identity theft detection services.
“We also urge you to remain vigilant by monitoring account activity and free credit reports, and reviewing your security choices on your email, financial, and other accounts,” the warning from T-Mobile said.
“We encourage customers to use the features that T-Mobile offers, including Account Takeover Protection, number transfer PINs, two-step verification, free scam protection with Scam Shield, SIM Protection, a security dashboard, and more.”
Information security specialist, currently working as risk infrastructure specialist & investigator.
15 years of experience in risk and control process, security audit support, business continuity design and support, workgroup management and information security standards.