T-Mobile Customers Affected By Massive Breach

More than 54 million T-Mobile customers have been hit by a US data breach, the company has admitted, blaming the breach on a "highly sophisticated cyberattack". The breach only came to light following online reports last weekend that criminals were attempting to sell a large database containing T-Mobile customer data online.

The company has it said it is "taking immediate steps to help protect all of the individuals who may be at risk from this cyberattack" and has confirmed that an unknown individual in an online forum is claiming to have breached its systems and attempting to sell stolen customer data. 

Those T-Mobuile customers affected include 7.8 million current postpaid customers and about 46 million former and prospective customers who applied for payment plans, but no financial details were leaked, so far as the company is aware.

While US officials have warned of an increase in ransomware attacks in recent months, T-Mobile’s hackers didn’t lock up the company’s systems and demand payment. Instead, attackers broke into the company’s servers through an open access point.
"Late last week we were informed of claims made in an online forum that a bad actor had compromised T-Mobile systems... We immediately began an exhaustive investigation into these claims and brought in world-leading cybersecurity experts to help with our assessment... We then located and immediately closed the access point that we believe was used to illegally gain entry to our servers." a spokesman said.

Around 850,000 active T-Mobile prepaid customer names, phone numbers and account PINs were also exposed but T-Mobile says that it has reset all of the PINs on the accounts to protect customers. No phone numbers, account numbers, PINs, passwords, or financial information were compromised in any of the files of the customers whose details were breached.

Hackers previously stole the personal information of 15 million T-Mobile customers and potential customers in the US in 2015.
There is no indication yet that former UK customers of T-Mobile have been hit by the data breach. The company's UK operation T-Mobile UK was rebranded as EE in 2012 and sold to BT in 2016 for more than £12bn.

The massive breach at the mobile carrier comes amid a spate of recent high-profile cybersecurity attacks on firms big and small, raising concerns from many that no company is immune

Some of the deeply personal data made available through this data breach could be a gold mine for attackers who want to make use of your credit. T-Mobile advisess that changing your account password and PIN should be one of the first things you do, because the personal information made available through the data breach can give an attacker almost everything they need to gain access T-Mobile users' accounts.

Reuters:      ABC:      Washington Post:     Financial Times:     Wall Street Journal:      BBC:

You Might Also Read:

Minimising The Impact Of Ransomware:

 

« US State Department Under Attack
Seven Ways That Social Media Sabotages Cyber Security »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

ExaGrid Systems

ExaGrid Systems

ExaGrid provides Tiered Backup Storage with a unique disk-cache Landing Zone, long-term retention repository, and scale-out architecture.

LogRhythm

LogRhythm

LogRhythm's security platform unifies SIEM, log management, network and endpoint monitoring, user behaviour analytics, security automation and advanced security analytics.

Regulus Cyber

Regulus Cyber

Regulus enables drones, robots and autonomous vehicles to operate safely, without malicious or accidental interference to the operation of their mission.

Secnology

Secnology

Secnology is dedicated to developing and providing the most powerful and user friendly event analysis and security management solution.

Bitcrack

Bitcrack

Bitcrack Cyber Security helps your company understand and defend your threat landscape using our key experience and skills in cybersecurity, threat mitigation and risk.

OWN

OWN

OWN (formerly SEKOIA) is a major French player in cybersecurity providing tailor-made, informed and adapted cyber support thanks to its DNA of passionate and committed experts.

BreachLock

BreachLock

Breachlock delivers the most comprehensive Penetration Testing as a Service (PtaaS) powered by Certified Hackers and AI.

Trusted Cyber Solutions

Trusted Cyber Solutions

Trusted Cyber Solutions is an independent Cyber Security and Risk Management consultancy.

International Cyber Threat Task Force (ICTTF)

International Cyber Threat Task Force (ICTTF)

The International Cyber Threat Task Force is a not-for-profit initiative promoting the ecosystem of an International independent non-partisan cyber security community.

DH2i Company

DH2i Company

DH2i is a leading provider of multi-platform Software Defined Perimeter and Smart Availability software enabling customers to create an entire IT infrastructure that is always-secure and always-on.

Sekur Private Data

Sekur Private Data

Sekur Private Data Ltd. is a Cybersecurity and Internet privacy provider of Swiss hosted solutions for secure communications and secure data management.

Converged Communication Solutions

Converged Communication Solutions

Converged is an independent Internet Service Provider, telephony, IT support and security specialist.

Ventum Consulting

Ventum Consulting

Ventum Consulting stands for digitalization, networking and agilization. We take this up on the strategic, professional and technical side and support our customers in the digital transformation.

Zafran

Zafran

Zafran is a Risk & Mitigation Platform that defuses threat exploitation by mobilizing existing security tools.

Smartcomply

Smartcomply

Smartcomply is an automated and AI-powered cybersecurity and compliance platform that aids businesses in reducing the time and money spent on cybersecurity and compliance.

SecureCyber

SecureCyber

Secure Cyber Defense offers industry-leading technology and managed detection and response solutions.