T-Mobile has disclosed a second data breach in 2023, which exposed the personal information of 836 customers for over a month, starting in late February. Compared to previous breaches, which impacted millions of customers, this one affected only a small number, but the amount of exposed data is extensive and could lead to identity theft and phishing attacks.
The exposed data includes personally identifiable information, such as full names, contact information, account numbers, Social Security numbers, government IDs, dates of birth, balance due, and T-Mobile account PINs. T-Mobile has reset account PINs for affected customers and is offering them two years of free credit monitoring and identity theft detection services through TransUnion myTrueIdentity.
This is the second data breach T-Mobile has revealed in 2023, after attackers stole the personal information of 37 million customers in January. That earlier breach resulted from attackers abusing a vulnerable Application Programming Interface (API) in November 2022.
In the January breach, threat actors stole basic customer information, such as names, billing addresses, emails, phone numbers, dates of birth, and T-Mobile account numbers.
Since 2018, T-Mobile has disclosed a total of nine data breaches, including this latest incident. Previous incidents have exposed the personal and financial information of employees, customer proprietary network information, and the information of prepaid customers.
In some cases, attackers accessed T-Mobile’s systems without authorization, while in others, they used stolen credentials. T-Mobile has been offering affected customers free credit monitoring and identity theft detection services in response to the breaches.
T-Mobile has not provided further details on the latest breach, and a spokesperson was not available for comment. However, the company has stated that the measures in place to detect unauthorized activity worked as designed, allowing it to identify the breach and take steps to mitigate its impact.
The breaches highlight the need for companies to take data security seriously and implement effective measures to prevent unauthorized access to sensitive information.