phone-red Call us about IT Support in London 020 7572 0000

T-Mobile hit by sixth data breach in the last four years

Byte-size Bulletin by Rachael Brown in News on Sep 1, 2021

T-Mobile has been hit by its sixth data breach over the last four years. This breach exposed 40 million records of former or prospective customers, compromising over 7.8 current T-Mobile customers in the process. 

T-Mobile has acknowledged the attack, calling it a “high sophisticated cyber attack” in a  public statement. 

The company discovered the breach through a tip that claimed a threat actor was posting in an online forum that they had compromised T-Mobile systems and had obtained data to sell. The company then located and closed the access point which may have been used by this actor to gain unlawful entry to their server. 

T-Mobile in coordination with law enforcement has confirmed that the data stolen included customers personal information. This thankfully has been confirmed by T-Mobile not to include payment details, like credit card or debit card information. 

What the data stolen does include is names, phone numbers, social security numbers, driver's license information, and unique mobile device identifiers (IMEI numbers). An IMEI combined with other personal data can be used to bypass Multi-factor authentication that relies on mobile SMS.

If you are a current or former T-mobile customer affected by the breach, you are at risk of social engineering and identity theft. 

Whoever purchases the stolen names, SSN, addresses and IMEI could potentially use it in social engineering attacks, crafting highly convincing and detailed phishing emails.

These may even include emails asking users to provide credit card information or otherwise for alleged payment of T-Mobile services. The scammers also may not just use email but text messages or phone calls.  

Cybersecurity experts point to this breach, the sixth T-Mobile has faced in four years, as further evidence of the sheer risk companies are facing from cyber attacks today.

Ric Longenecker, CISO at open systems, argued in response there is “collective effort” needed from companies to “combat the risk posed by cybercriminals” as threats continue to become more sophisticated and rampant. 

Photo by Mika Baumeister on Unsplash

Subscribe to our Bulletins

Free Download

Is IT a bottleneck to your company’s growth?

Discover how small business IT support can be a strong ally in making you more productive and competitive.

Download Ebook