T-Mobile Customers Affected By Massive Breach

Uploaded on 2021-08-23 in TECHNOLOGY--Hackers, FREE TO VIEW, BUSINESS-Services-IT & Telecoms

More than 54 million T-Mobile customers have been hit by a US data breach, the company has admitted, blaming the breach on a "highly sophisticated cyberattack". The breach only came to light following online reports last weekend that criminals were attempting to sell a large database containing T-Mobile customer data online.

The company has it said it is "taking immediate steps to help protect all of the individuals who may be at risk from this cyberattack" and has confirmed that an unknown individual in an online forum is claiming to have breached its systems and attempting to sell stolen customer data. 

Those T-Mobuile customers affected include 7.8 million current postpaid customers and about 46 million former and prospective customers who applied for payment plans, but no financial details were leaked, so far as the company is aware.

While US officials have warned of an increase in ransomware attacks in recent months, T-Mobile’s hackers didn’t lock up the company’s systems and demand payment. Instead, attackers broke into the company’s servers through an open access point.
"Late last week we were informed of claims made in an online forum that a bad actor had compromised T-Mobile systems... We immediately began an exhaustive investigation into these claims and brought in world-leading cybersecurity experts to help with our assessment... We then located and immediately closed the access point that we believe was used to illegally gain entry to our servers." a spokesman said.

Around 850,000 active T-Mobile prepaid customer names, phone numbers and account PINs were also exposed but T-Mobile says that it has reset all of the PINs on the accounts to protect customers. No phone numbers, account numbers, PINs, passwords, or financial information were compromised in any of the files of the customers whose details were breached.

Hackers previously stole the personal information of 15 million T-Mobile customers and potential customers in the US in 2015.
There is no indication yet that former UK customers of T-Mobile have been hit by the data breach. The company's UK operation T-Mobile UK was rebranded as EE in 2012 and sold to BT in 2016 for more than £12bn.

The massive breach at the mobile carrier comes amid a spate of recent high-profile cybersecurity attacks on firms big and small, raising concerns from many that no company is immune

Some of the deeply personal data made available through this data breach could be a gold mine for attackers who want to make use of your credit. T-Mobile advisess that changing your account password and PIN should be one of the first things you do, because the personal information made available through the data breach can give an attacker almost everything they need to gain access T-Mobile users' accounts.

Reuters:      ABC:      Washington Post:     Financial Times:     Wall Street Journal:      BBC:

You Might Also Read:

Minimising The Impact Of Ransomware:

 

« US State Department Under Attack
Seven Ways That Social Media Sabotages Cyber Security »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Stormshield

Stormshield

Stormshield is a European leader in digital infrastructure security. We offer smart, connected solutions in order to anticipate attacks and protect digital infrastructures.

Sogeti

Sogeti

Sogeti deliver solutions that enable digital transformation and offer cutting-edge expertise in Cloud, Cybersecurity, Digital Manufacturing, Quality Assurance, Testing, and emerging technologies.

Digital Hands

Digital Hands

Digital Hands is an award-winning managed security services provider.

AVL Mobile Security

AVL Mobile Security

AVL Mobile Security is a market-leading mobile security company for anti-virus and threat intelligence in the mobile Internet.

Squalio

Squalio

Squalio is an information technology group that delivers solutions and services for secure and effective IT management.

Bessemer Venture Partners (BVP)

Bessemer Venture Partners (BVP)

Bessemer Venture Partners was born from innovations that literally forged modern building and manufacturing. Today, our team of investors works with people who want to create revolutions of their own.

DDLS

DDLS

DDLS is Australia's largest provider of corporate IT, process training and cybersecurity training courses and certification programs.

Vantea SMART

Vantea SMART

Vantea SMART have decades of experience in cybersecurity resulting in an approach of proactive prevention - Security by Design and by Default.

Palitronica

Palitronica

Palitronica build cutting-edge hardware and breakthrough software that revolutionizes how we defend critical infrastructure and key resources.

Devolutions

Devolutions

Devolutions make best-in-class Privileged Access Management, Password Management, and Remote Connection Management solutions available to ALL organizations — including SMBs.

Sidcon International Consulting Company

Sidcon International Consulting Company

SIDCON International Consulting Company has been providing consulting services since 2002 for private and public organizations in Ukraine and other countries.

Cyviation

Cyviation

Cyviation's mission is to mitigate ever-growing and menacing Cyber Security threats, focusing on aircraft, airlines and airports.

Guardian Angel Cyber

Guardian Angel Cyber

Guardian Angel Cyber, is your trusted ally in safeguarding your digital assets and online presence.

Qi An Xin (QAX)

Qi An Xin (QAX)

QAX is a listed company based in China, and a leader in cybersecurity industry, providing new generation enterprise-level and national-level cybersecurity solutions.

Tyto Athene

Tyto Athene

At Tyto Athene, we harness the power of technology to provide solutions that shape the future.

CyberGrape

CyberGrape

CyberGrape is a client centric managed services company, providing enterprise leading security solutions and helping companies through their IT risk and security challenges.