January 20, 2023
The personal information of about 37 million T-Mobile customers was stolen in a recent hack. This is the latest of numerous T-Mobile data breaches.
T-Mobile confirmed this latest hack in a U.S. Securities and Exchange Commission (SEC) filing. On Jan. 5, it discovered a “bad actor” was obtaining data from a single API without authorization.
“We promptly commenced an investigation with external cybersecurity experts,” it said.
T-Mobile’s investigation is ongoing. The hacker didn’t breach or compromise T-Mobile’s systems or network.
The API abused by the bad actor does not provide access to any customer payment card information (PCI), Social Security numbers/tax IDs, driver’s licenses or other government ID numbers, passwords/PINs or other financial account information, T-Mobile said.
The API did provide customer account data. That included names, billing addresses, email addresses, phone numbers and dates of birth. It also provided T-Mobile account numbers and information such as the number of lines on the account and plan features.
It appears the bad actor first retrieved data through the impacted API starting on or around Nov. 25, T-Mobile said.
“We are continuing to diligently investigate the unauthorized activity,” it said. “In addition, we have notified certain federal agencies about the incident. And we are concurrently working with law enforcement.”
In addition, T-Mobile is notifying customers whose information may have been stolen.
Last July, T-Mobile agreed to pay $350 million to customers in a class-action lawsuit related to personal information stolen in a 2021 cyberattack.
Nick Rago is field CTO at Salt Security. He said T-Mobile has provided no technical details on the hack in its SEC filing.
“Uncovering an API attack after the fact – in this case, 41 days and 37 million records later – is just not good enough,” he said. “Many questions remain to be answered by T-Mobile about the incident. Was the API known to T-Mobile? Did it require any authentication and authorization to use? Where was the API exposed and what was its business and functional purpose?”
Now more than ever, organizations must have proper API runtime protection in place, Rago said.
David Emm is principal security researcher at Kaspersky.
“For T-Mobile customers, this breach means only one thing: Consumers need to be extremely vigilant over the coming days and weeks,” he said.
Customers could expect phishing attacks from threat actors pretending to be T-Mobile representatives or even competitors offering special deals, Emm said.
“The best advice we can give to all T-Mobile customers is not to respond to unsolicited messages,” he said. “If you want to check a deal, go directly to a company’s website, rather than clicking a link in an email.”
The attackers might make the database publicly accessible by putting it up for sale on the dark net, Emm said. This is a common action for ransomware actors. They post about new successful hacking incidents on their public blogs, along with the stolen data itself.