T-Mobile Customers Affected By Massive Breach

More than 54 million T-Mobile customers have been hit by a US data breach, the company has admitted, blaming the breach on a "highly sophisticated cyberattack". The breach only came to light following online reports last weekend that criminals were attempting to sell a large database containing T-Mobile customer data online.

The company has it said it is "taking immediate steps to help protect all of the individuals who may be at risk from this cyberattack" and has confirmed that an unknown individual in an online forum is claiming to have breached its systems and attempting to sell stolen customer data. 

Those T-Mobuile customers affected include 7.8 million current postpaid customers and about 46 million former and prospective customers who applied for payment plans, but no financial details were leaked, so far as the company is aware.

While US officials have warned of an increase in ransomware attacks in recent months, T-Mobile’s hackers didn’t lock up the company’s systems and demand payment. Instead, attackers broke into the company’s servers through an open access point.
"Late last week we were informed of claims made in an online forum that a bad actor had compromised T-Mobile systems... We immediately began an exhaustive investigation into these claims and brought in world-leading cybersecurity experts to help with our assessment... We then located and immediately closed the access point that we believe was used to illegally gain entry to our servers." a spokesman said.

Around 850,000 active T-Mobile prepaid customer names, phone numbers and account PINs were also exposed but T-Mobile says that it has reset all of the PINs on the accounts to protect customers. No phone numbers, account numbers, PINs, passwords, or financial information were compromised in any of the files of the customers whose details were breached.

Hackers previously stole the personal information of 15 million T-Mobile customers and potential customers in the US in 2015.
There is no indication yet that former UK customers of T-Mobile have been hit by the data breach. The company's UK operation T-Mobile UK was rebranded as EE in 2012 and sold to BT in 2016 for more than £12bn.

The massive breach at the mobile carrier comes amid a spate of recent high-profile cybersecurity attacks on firms big and small, raising concerns from many that no company is immune

Some of the deeply personal data made available through this data breach could be a gold mine for attackers who want to make use of your credit. T-Mobile advisess that changing your account password and PIN should be one of the first things you do, because the personal information made available through the data breach can give an attacker almost everything they need to gain access T-Mobile users' accounts.

Reuters:      ABC:      Washington Post:     Financial Times:     Wall Street Journal:      BBC:

You Might Also Read:

Minimising The Impact Of Ransomware:

 

« US State Department Under Attack
Seven Ways That Social Media Sabotages Cyber Security »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

QinetiQ

QinetiQ

QinetiQ is one of the world's leading defence technology and security companies. Areas of activity include air, land, sea and space systems, weapons, robotics, C4ISR and cyber security.

Threatpost

Threatpost

Threatpost, is an independent news site which is a leading source of information about IT and business security.

Oracle Cloud Security

Oracle Cloud Security

Oracle’s cloud security solutions enable organizations to implement and manage consistent security policies across the hybrid data center.

European Organisation for Security (EOS)

European Organisation for Security (EOS)

EOS represents all domains of security solutions and services.providers including ICT information and communications technologies.

sayTEC

sayTEC

sayTEC's mission is to develop and deliver next-generation products and services in encrypted data and voice transmission.

Recovery Point Systems

Recovery Point Systems

Recovery Point is a leading national provider of IT secure and compliant infrastructure and business resilience services.

CYDES

CYDES

CYDES is the first event in Malaysia to showcase advanced solutions and technologies to address cyber defence and cyber security challenges for the public and private sectors.

KrCERT/CC

KrCERT/CC

KrCERT/CC is the National Computer Emergency Response Team in Korea.

Nigerian Communications Commission (NCC)

Nigerian Communications Commission (NCC)

NCC has established a CSIRT for the telecommunication industry to provide services and support for the prevention and management of potential cyber security related emergencies.

Data Protection Commission (DPC)

Data Protection Commission (DPC)

The Data Protection Commission (DPC) is the national independent authority responsible for upholding the fundamental right of individuals in the EU to have their personal data protected.

Lavabit

Lavabit

Lavabit's Dark Internet Mail Environment is a secure, open-source, secure end-to-end communications platform for asynchronous messaging across the internet.

BlueCat Networks

BlueCat Networks

BlueCat is the Adaptive DNS company. Our mission is to help the world’s largest organizations thrive on network complexity, from the edge to the core.

Apura Cybersecurity Intelligence

Apura Cybersecurity Intelligence

Apura is a Brazilian company that develops advanced products and provides specialized services in information security and cyber defense.

ProjectDiscovery

ProjectDiscovery

ProjectDiscovery is an open-source, cybersecurity company that builds a range of software for security engineers and developers.

Twinstate Technologies

Twinstate Technologies

Twinstate Technologies specializes in cybersecurity, proactive IT, and hosted and on-premise voice solutions.

Quantum Squint

Quantum Squint

Quantum Squint is a cutting-edge cybersecurity company specializing in the use of advanced regression management techniques to detect, analyze, and prevent vulnerabilities in digital systems.